Compact and aligned text (CAT)

The compact and aligned text (CAT) APIs aim are intended only for human consumption using the Kibana console or command line. They are not intended for use by applications. For application consumption, it's recommend to use a corresponding JSON API. All the cat commands accept a query string parameter help to see all the headers and info they provide, and the /_cat command alone lists all the available commands.

Get field data cache information

GET /_cat/fielddata/{fields}

Api key auth Basic auth Bearer auth

Get the amount of heap memory currently used by the field data cache on every data node in the cluster.

IMPORTANT: cat APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the nodes stats API.

Path parameters

fields string | array[string] Required

Comma-separated list of fields used to limit returned information. To retrieve all fields, omit this parameter.

Query parameters

bytes string

The unit used to display byte values.

Values are b, kb, mb, gb, tb, or pb.
fields string | array[string]

Comma-separated list of fields used to limit returned information.
h string | array[string]

List of columns to appear in the response. Supports simple wildcards.
s string | array[string]

List of columns that determine how the table should be sorted. Sorting defaults to ascending and can be changed by setting :asc or :desc as a suffix to the column name.

Responses

200 application/json
Hide response attributes Show response attributes object
- id string
  
  node id
- host string
  
  host name
- ip string
  
  ip address
- node string
  
  node name
- field string
  
  field name
- size string
  
  field data usage

GET /_cat/fielddata/{fields}

curl \
 --request GET 'http://api.example.com/_cat/fielddata/{fields}' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET /_cat/fielddata?v=true&fields=body&format=json`. You can specify an individual field in the request body or URL path. This example retrieves heap memory size information for the `body` field.

[
  {
    "id": "Nqk-6inXQq-OxUfOUI8jNQ",
    "host": "127.0.0.1",
    "ip": "127.0.0.1",
    "node": "Nqk-6in",
    "field": "body",
    "size": "544b"
  }
]

A successful response from `GET /_cat/fielddata/body,soul?v=true&format=json`. You can specify a comma-separated list of fields in the request body or URL path. This example retrieves heap memory size information for the `body` and `soul` fields. To get information for all fields, run `GET /_cat/fielddata?v=true`.

[
  {
    "id": "Nqk-6inXQq-OxUfOUI8jNQ",
    "host": "1127.0.0.1",
    "ip": "127.0.0.1",
    "node": "Nqk-6in",
    "field": "body",
    "size": "544b"
  },
  {
    "id": "Nqk-6inXQq-OxUfOUI8jNQ",
    "host": "127.0.0.1",
    "ip": "127.0.0.1",
    "node": "Nqk-6in",
    "field": "soul",
    "size": "480b"
  }
]

Get node information

GET /_cat/nodes

Api key auth Basic auth Bearer auth

Get information about the nodes in a cluster. IMPORTANT: cat APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the nodes info API.

Query parameters

bytes string

The unit used to display byte values.

Values are b, kb, mb, gb, tb, or pb.
full_id boolean | string

If true, return the full node ID. If false, return the shortened node ID.
include_unloaded_segments boolean

If true, the response includes information from segments that are not loaded into memory.
h string | array[string]
A comma-separated list of columns names to display. It supports simple wildcards.

Supported values include:
- build (or b): The Elasticsearch build hash. For example: 5c03844.
- completion.size (or cs, completionSize): The size of completion. For example: 0b.
- cpu: The percentage of recent system CPU used.
- disk.avail (or d, disk, diskAvail): The available disk space. For example: 198.4gb.
- disk.total (or dt, diskTotal): The total disk space. For example: 458.3gb.
- disk.used (or du, diskUsed): The used disk space. For example: 259.8gb.
- disk.used_percent (or dup, diskUsedPercent): The percentage of disk space used.
- fielddata.evictions (or fe, fielddataEvictions): The number of fielddata cache evictions.
- fielddata.memory_size (or fm, fielddataMemory): The fielddata cache memory used. For example: 0b.
- file_desc.current (or fdc, fileDescriptorCurrent): The number of file descriptors used.
- file_desc.max (or fdm, fileDescriptorMax): The maximum number of file descriptors.
- file_desc.percent (or fdp, fileDescriptorPercent): The percentage of file descriptors used.
- flush.total (or ft, flushTotal): The number of flushes.
- flush.total_time (or ftt, flushTotalTime): The amount of time spent in flush.
- get.current (or gc, getCurrent): The number of current get operations.
- get.exists_time (or geti, getExistsTime): The time spent in successful get operations. For example: 14ms.
- get.exists_total (or geto, getExistsTotal): The number of successful get operations.
- get.missing_time (or gmti, getMissingTime): The time spent in failed get operations. For example: 0s.
- get.missing_total (or gmto, getMissingTotal): The number of failed get operations.
- get.time (or gti, getTime): The amount of time spent in get operations. For example: 14ms.
- get.total (or gto, getTotal): The number of get operations.
- heap.current (or hc, heapCurrent): The used heap size. For example: 311.2mb.
- heap.max (or hm, heapMax): The total heap size. For example: 4gb.
- heap.percent (or hp, heapPercent): The used percentage of total allocated Elasticsearch JVM heap. This value reflects only the Elasticsearch process running within the operating system and is the most direct indicator of its JVM, heap, or memory resource performance.
- http_address (or http): The bound HTTP address.
- id (or nodeId): The identifier for the node.
- indexing.delete_current (or idc, indexingDeleteCurrent): The number of current deletion operations.
- indexing.delete_time (or idti, indexingDeleteTime): The time spent in deletion operations. For example: 2ms.
- indexing.delete_total (or idto, indexingDeleteTotal): The number of deletion operations.
- indexing.index_current (or iic, indexingIndexCurrent): The number of current indexing operations.
- indexing.index_failed (or iif, indexingIndexFailed): The number of failed indexing operations.
- indexing.index_failed_due_to_version_conflict (or iifvc, indexingIndexFailedDueToVersionConflict): The number of indexing operations that failed due to version conflict.
- indexing.index_time (or iiti, indexingIndexTime): The time spent in indexing operations. For example: 134ms.
- indexing.index_total (or iito, indexingIndexTotal): The number of indexing operations.
- ip (or i): The IP address.
- jdk (or j): The Java version. For example: 1.8.0.
- load_1m (or l): The most recent load average. For example: 0.22.
- load_5m (or l): The load average for the last five minutes. For example: 0.78.
- load_15m (or l): The load average for the last fifteen minutes. For example: 1.24.
- mappings.total_count (or mtc, mappingsTotalCount): The number of mappings, including runtime and object fields.
- mappings.total_estimated_overhead_in_bytes (or mteo, mappingsTotalEstimatedOverheadInBytes): The estimated heap overhead, in bytes, of mappings on this node, which allows for 1KiB of heap for every mapped field.
- master (or m): Indicates whether the node is the elected master node. Returned values include * (elected master) and - (not elected master).
- merges.current (or mc, mergesCurrent): The number of current merge operations.
- merges.current_docs (or mcd, mergesCurrentDocs): The number of current merging documents.
- merges.current_size (or mcs, mergesCurrentSize): The size of current merges. For example: 0b.
- merges.total (or mt, mergesTotal): The number of completed merge operations.
- merges.total_docs (or mtd, mergesTotalDocs): The number of merged documents.
- merges.total_size (or mts, mergesTotalSize): The total size of merges. For example: 0b.
- merges.total_time (or mtt, mergesTotalTime): The time spent merging documents. For example: 0s.
- name (or n): The node name.
- node.role (or r, role, nodeRole): The roles of the node. Returned values include c (cold node), d (data node), f (frozen node), h (hot node), i (ingest node), l (machine learning node), m (master-eligible node), r (remote cluster client node), s (content node), t (transform node), v (voting-only node), w (warm node), and - (coordinating node only). For example, dim indicates a master-eligible data and ingest node.
- pid (or p): The process identifier.
- port (or po): The bound transport port number.
- query_cache.memory_size (or qcm, queryCacheMemory): The used query cache memory. For example: 0b.
- query_cache.evictions (or qce, queryCacheEvictions): The number of query cache evictions.
- query_cache.hit_count (or qchc, queryCacheHitCount): The query cache hit count.
- query_cache.miss_count (or qcmc, queryCacheMissCount): The query cache miss count.
- ram.current (or rc, ramCurrent): The used total memory. For example: 513.4mb.
- ram.max (or rm, ramMax): The total memory. For example: 2.9gb.
- ram.percent (or rp, ramPercent): The used percentage of the total operating system memory. This reflects all processes running on the operating system instead of only Elasticsearch and is not guaranteed to correlate to its performance.
- refresh.total (or rto, refreshTotal): The number of refresh operations.
- refresh.time (or rti, refreshTime): The time spent in refresh operations. For example: 91ms.
- request_cache.memory_size (or rcm, requestCacheMemory): The used request cache memory. For example: 0b.
- request_cache.evictions (or rce, requestCacheEvictions): The number of request cache evictions.
- request_cache.hit_count (or rchc, requestCacheHitCount): The request cache hit count.
- request_cache.miss_count (or rcmc, requestCacheMissCount): The request cache miss count.
- script.compilations (or scrcc, scriptCompilations): The number of total script compilations.
- script.cache_evictions (or scrce, scriptCacheEvictions): The number of total compiled scripts evicted from cache.
- search.fetch_current (or sfc, searchFetchCurrent): The number of current fetch phase operations.
- search.fetch_time (or sfti, searchFetchTime): The time spent in fetch phase. For example: 37ms.
- search.fetch_total (or sfto, searchFetchTotal): The number of fetch operations.
- search.open_contexts (or so, searchOpenContexts): The number of open search contexts.
- search.query_current (or sqc, searchQueryCurrent): The number of current query phase operations.
- search.query_time (or sqti, searchQueryTime): The time spent in query phase. For example: 43ms.
- search.query_total (or sqto, searchQueryTotal): The number of query operations.
- search.scroll_current (or scc, searchScrollCurrent): The number of open scroll contexts.
- search.scroll_time (or scti, searchScrollTime): The amount of time scroll contexts were held open. For example: 2m.
- search.scroll_total (or scto, searchScrollTotal): The number of completed scroll contexts.
- segments.count (or sc, segmentsCount): The number of segments.
- segments.fixed_bitset_memory (or sfbm, fixedBitsetMemory): The memory used by fixed bit sets for nested object field types and type filters for types referred in join fields. For example: 1.0kb.
- segments.index_writer_memory (or siwm, segmentsIndexWriterMemory): The memory used by the index writer. For example: 18mb.
- segments.memory (or sm, segmentsMemory): The memory used by segments. For example: 1.4kb.
- segments.version_map_memory (or svmm, segmentsVersionMapMemory): The memory used by the version map. For example: 1.0kb.
- shard_stats.total_count (or sstc, shards, shardStatsTotalCount): The number of shards assigned.
- suggest.current (or suc, suggestCurrent): The number of current suggest operations.
- suggest.time (or suti, suggestTime): The time spent in suggest operations.
- suggest.total (or suto, suggestTotal): The number of suggest operations.
- uptime (or u): The amount of node uptime. For example: 17.3m.
- version (or v): The Elasticsearch version. For example: 9.0.0.
s string | array[string]

A comma-separated list of column names or aliases that determines the sort order. Sorting defaults to ascending and can be changed by setting :asc or :desc as a suffix to the column name.
master_timeout string

The period to wait for a connection to the master node.
time string

The unit used to display time values.

Values are nanos, micros, ms, s, m, h, or d.

Responses

200 application/json
Hide response attributes Show response attributes object
- id string
- pid string
  
  The process identifier.
- ip string
  
  The IP address.
- port string
  
  The bound transport port.
- http_address string
  
  The bound HTTP address.
- version string
- flavor string
  
  The Elasticsearch distribution flavor.
- type string
  
  The Elasticsearch distribution type.
- build string
  
  The Elasticsearch build hash.
- jdk string
  
  The Java version.
- disk.total number | string
  
  One of:
  ByteSize number ByteSize string
- disk.used number | string
  
  One of:
  ByteSize number ByteSize string
- disk.avail number | string
  
  One of:
  ByteSize number ByteSize string
- disk.used_percent string | number
  
  One of:
  Percentage string Percentage number
- heap.current string
  
  The used heap.
- heap.percent string | number
  
  One of:
  Percentage string Percentage number
- heap.max string
  
  The maximum configured heap.
- ram.current string
  
  The used machine memory.
- ram.percent string | number
  
  One of:
  Percentage string Percentage number
- ram.max string
  
  The total machine memory.
- file_desc.current string
  
  The used file descriptors.
- file_desc.percent string | number
  
  One of:
  Percentage string Percentage number
- file_desc.max string
  
  The maximum number of file descriptors.
- cpu string
  
  The recent system CPU usage as a percentage.
- load_1m string
  
  The load average for the most recent minute.
- load_5m string
  
  The load average for the last five minutes.
- load_15m string
  
  The load average for the last fifteen minutes.
- uptime string
  
  The node uptime.
- node.role string
  
  The roles of the node. Returned values include c(cold node), d(data node), f(frozen node), h(hot node), i(ingest node), l(machine learning node), m (master eligible node), r(remote cluster client node), s(content node), t(transform node), v(voting-only node), w(warm node),and -(coordinating node only).
- master string
  
  Indicates whether the node is the elected master node. Returned values include *(elected master) and -(not elected master).
- name string
- completion.size string
  
  The size of completion.
- fielddata.memory_size string
  
  The used fielddata cache.
- fielddata.evictions string
  
  The fielddata evictions.
- query_cache.memory_size string
  
  The used query cache.
- query_cache.evictions string
  
  The query cache evictions.
- query_cache.hit_count string
  
  The query cache hit counts.
- query_cache.miss_count string
  
  The query cache miss counts.
- request_cache.memory_size string
  
  The used request cache.
- request_cache.evictions string
  
  The request cache evictions.
- request_cache.hit_count string
  
  The request cache hit counts.
- request_cache.miss_count string
  
  The request cache miss counts.
- flush.total string
  
  The number of flushes.
- flush.total_time string
  
  The time spent in flush.
- get.current string
  
  The number of current get ops.
- get.time string
  
  The time spent in get.
- get.total string
  
  The number of get ops.
- get.exists_time string
  
  The time spent in successful gets.
- get.exists_total string
  
  The number of successful get operations.
- get.missing_time string
  
  The time spent in failed gets.
- get.missing_total string
  
  The number of failed gets.
- indexing.delete_current string
  
  The number of current deletions.
- indexing.delete_time string
  
  The time spent in deletions.
- indexing.delete_total string
  
  The number of delete operations.
- indexing.index_current string
  
  The number of current indexing operations.
- indexing.index_time string
  
  The time spent in indexing.
- indexing.index_total string
  
  The number of indexing operations.
- indexing.index_failed string
  
  The number of failed indexing operations.
- merges.current string
  
  The number of current merges.
- merges.current_docs string
  
  The number of current merging docs.
- merges.current_size string
  
  The size of current merges.
- merges.total string
  
  The number of completed merge operations.
- merges.total_docs string
  
  The docs merged.
- merges.total_size string
  
  The size merged.
- merges.total_time string
  
  The time spent in merges.
- refresh.total string
  
  The total refreshes.
- refresh.time string
  
  The time spent in refreshes.
- refresh.external_total string
  
  The total external refreshes.
- refresh.external_time string
  
  The time spent in external refreshes.
- refresh.listeners string
  
  The number of pending refresh listeners.
- script.compilations string
  
  The total script compilations.
- script.cache_evictions string
  
  The total compiled scripts evicted from the cache.
- script.compilation_limit_triggered string
  
  The script cache compilation limit triggered.
- search.fetch_current string
  
  The current fetch phase operations.
- search.fetch_time string
  
  The time spent in fetch phase.
- search.fetch_total string
  
  The total fetch operations.
- search.open_contexts string
  
  The open search contexts.
- search.query_current string
  
  The current query phase operations.
- search.query_time string
  
  The time spent in query phase.
- search.query_total string
  
  The total query phase operations.
- search.scroll_current string
  
  The open scroll contexts.
- search.scroll_time string
  
  The time scroll contexts held open.
- search.scroll_total string
  
  The completed scroll contexts.
- segments.count string
  
  The number of segments.
- segments.memory string
  
  The memory used by segments.
- segments.index_writer_memory string
  
  The memory used by the index writer.
- segments.version_map_memory string
  
  The memory used by the version map.
- segments.fixed_bitset_memory string
  
  The memory used by fixed bit sets for nested object field types and export type filters for types referred in _parent fields.
- suggest.current string
  
  The number of current suggest operations.
- suggest.time string
  
  The time spend in suggest.
- suggest.total string
  
  The number of suggest operations.
- bulk.total_operations string
  
  The number of bulk shard operations.
- bulk.total_time string
  
  The time spend in shard bulk.
- bulk.total_size_in_bytes string
  
  The total size in bytes of shard bulk.
- bulk.avg_time string
  
  The average time spend in shard bulk.
- bulk.avg_size_in_bytes string
  
  The average size in bytes of shard bulk.

GET /_cat/nodes

curl \
 --request GET 'http://api.example.com/_cat/nodes' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET /_cat/nodes?v=true&format=json`. The `ip`, `heap.percent`, `ram.percent`, `cpu`, and `load_*` columns provide the IP addresses and performance information of each node. The `node.role`, `master`, and `name` columns provide information useful for monitoring an entire cluster, particularly large ones.

[
  {
    "ip": "127.0.0.1",
    "heap.percent": "65",
    "ram.percent": "99",
    "cpu": "42",
    "load_1m": "3.07",
    "load_5m": null,
    "load_15m": null,
    "node.role": "cdfhilmrstw",
    "master": "*",
    "name": "mJw06l1"
  }
]

A successful response from `GET /_cat/nodes?v=true&h=id,ip,port,v,m&format=json`. It returns the `id`, `ip`, `port`, `v` (version), and `m` (master) columns.

[
  {
    "id": "veJR",
    "ip": "127.0.0.1",
    "port": "59938",
    "v": "9.0.0",
    "m": "*"
  }
]

Get segment information

GET /_cat/segments/{index}

Api key auth Basic auth Bearer auth

Get low-level information about the Lucene segments in index shards. For data streams, the API returns information about the backing indices. IMPORTANT: cat APIs are only intended for human consumption using the command line or Kibana console. They are not intended for use by applications. For application consumption, use the index segments API.

Path parameters

index string | array[string] Required

A comma-separated list of data streams, indices, and aliases used to limit the request. Supports wildcards (*). To target all data streams and indices, omit this parameter or use * or _all.

Query parameters

bytes string

The unit used to display byte values.

Values are b, kb, mb, gb, tb, or pb.
h string | array[string]

List of columns to appear in the response. Supports simple wildcards.
s string | array[string]

List of columns that determine how the table should be sorted. Sorting defaults to ascending and can be changed by setting :asc or :desc as a suffix to the column name.
local boolean

If true, the request computes the list of selected nodes from the local cluster state. If false the list of selected nodes are computed from the cluster state of the master node. In both cases the coordinating node will send requests for further information to each selected node.
master_timeout string

Period to wait for a connection to the master node.

Responses

200 application/json
Hide response attributes Show response attributes object
- index string
- shard string
  
  The shard name.
- prirep string
  
  The shard type: primary or replica.
- ip string
  
  The IP address of the node where it lives.
- id string
- segment string
  
  The segment name, which is derived from the segment generation and used internally to create file names in the directory of the shard.
- generation string
  
  The segment generation number. Elasticsearch increments this generation number for each segment written then uses this number to derive the segment name.
- docs.count string
  
  The number of documents in the segment. This excludes deleted documents and counts any nested documents separately from their parents. It also excludes documents which were indexed recently and do not yet belong to a segment.
- docs.deleted string
  
  The number of deleted documents in the segment, which might be higher or lower than the number of delete operations you have performed. This number excludes deletes that were performed recently and do not yet belong to a segment. Deleted documents are cleaned up by the automatic merge process if it makes sense to do so. Also, Elasticsearch creates extra deleted documents to internally track the recent history of operations on a shard.
- size number | string
  
  One of:
  ByteSize number ByteSize string
- size.memory number | string
  
  One of:
  ByteSize number ByteSize string
- committed string
  
  If true, the segment is synced to disk. Segments that are synced can survive a hard reboot. If false, the data from uncommitted segments is also stored in the transaction log so that Elasticsearch is able to replay changes on the next start.
- searchable string
  
  If true, the segment is searchable. If false, the segment has most likely been written to disk but needs a refresh to be searchable.
- version string
- compound string
  
  If true, the segment is stored in a compound file. This means Lucene merged all files from the segment in a single file to save file descriptors.

GET /_cat/segments/{index}

curl \
 --request GET 'http://api.example.com/_cat/segments/{index}' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET /_cat/segments?v=true&format=json`.

[
  {
    "index": "test",
    "shard": "0",
    "prirep": "p",
    "ip": "127.0.0.1",
    "segment": "_0",
    "generation": "0",
    "docs.count": "1",
    "docs.deleted": "0",
    "size": "3kb",
    "size.memory": "0",
    "committed": "false",
    "searchable": "true",
    "version": "9.12.0",
    "compound": "true"
  },
  {
    "index": "test1",
    "shard": "0",
    "prirep": "p",
    "ip": "127.0.0.1",
    "segment": "_0",
    "generation": "0",
    "docs.count": "1",
    "docs.deleted": "0",
    "size": "3kb",
    "size.memory": "0",
    "committed": "false",
    "searchable": "true",
    "version": "9.12.0",
    "compound": "true"
  }
]

Update the cluster settings

PUT /_cluster/settings

Api key auth Basic auth Bearer auth

Configure and update dynamic settings on a running cluster. You can also configure dynamic settings locally on an unstarted or shut down node in elasticsearch.yml.

Updates made with this API can be persistent, which apply across cluster restarts, or transient, which reset after a cluster restart. You can also reset transient or persistent settings by assigning them a null value.

If you configure the same setting using multiple methods, Elasticsearch applies the settings in following order of precedence: 1) Transient setting; 2) Persistent setting; 3) elasticsearch.yml setting; 4) Default setting value. For example, you can apply a transient setting to override a persistent setting or elasticsearch.yml setting. However, a change to an elasticsearch.yml setting will not override a defined transient or persistent setting.

TIP: In Elastic Cloud, use the user settings feature to configure all cluster settings. This method automatically rejects unsafe settings that could break your cluster. If you run Elasticsearch on your own hardware, use this API to configure dynamic cluster settings. Only use elasticsearch.yml for static cluster settings and node settings. The API doesn’t require a restart and ensures a setting’s value is the same on all nodes.

WARNING: Transient cluster settings are no longer recommended. Use persistent cluster settings instead. If a cluster becomes unstable, transient settings can clear unexpectedly, resulting in a potentially undesired cluster configuration.

Query parameters

flat_settings boolean

Return settings in flat format (default: false)
master_timeout string

Explicit operation timeout for connection to master node
timeout string

Explicit operation timeout

application/json

Body Required

persistent object
Hide persistent attribute Show persistent attribute object
- * object Additional properties
transient object
Hide transient attribute Show transient attribute object
- * object Additional properties

Responses

200 application/json
Hide response attributes Show response attributes object
- acknowledged boolean Required
- persistent object Required
  
  Hide persistent attribute Show persistent attribute object
  
  * object Additional properties
- transient object Required
  
  Hide transient attribute Show transient attribute object
  
  * object Additional properties

PUT /_cluster/settings

curl \
 --request PUT 'http://api.example.com/_cluster/settings' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"persistent\" : {\n    \"indices.recovery.max_bytes_per_sec\" : \"50mb\"\n  }\n}"'

Request examples

An example of a persistent update.

{
  "persistent" : {
    "indices.recovery.max_bytes_per_sec" : "50mb"
  }
}

PUT `/_cluster/settings` to update the `action.auto_create_index` setting. The setting accepts a comma-separated list of patterns that you want to allow or you can prefix each pattern with `+` or `-` to indicate whether it should be allowed or blocked. In this example, the auto-creation of indices called `my-index-000001` or `index10` is allowed, the creation of indices that match the pattern `index1*` is blocked, and the creation of any other indices that match the `ind*` pattern is allowed. Patterns are matched in the order specified.

{
  "persistent": {
    "action.auto_create_index": "my-index-000001,index10,-index1*,+ind*" 
  }
}

Get the cluster health status Added in 1.3.0

GET /_cluster/health

Api key auth Basic auth Bearer auth

You can also use the API to get the health status of only specified data streams and indices. For data streams, the API retrieves the health status of the stream’s backing indices.

The cluster health status is: green, yellow or red. On the shard level, a red status indicates that the specific shard is not allocated in the cluster. Yellow means that the primary shard is allocated but replicas are not. Green means that all shards are allocated. The index level status is controlled by the worst shard status.

One of the main benefits of the API is the ability to wait until the cluster reaches a certain high watermark health level. The cluster status is controlled by the worst index status.

Query parameters

expand_wildcards string | array[string]
Whether to expand wildcard expression to concrete indices that are open, closed or both.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
level string

Can be one of cluster, indices or shards. Controls the details level of the health information returned.

Values are cluster, indices, or shards.
local boolean

If true, the request retrieves information from the local node only. Defaults to false, which means information is retrieved from the master node.
master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
wait_for_active_shards number | string

A number controlling to how many active shards to wait for, all to wait for all shards in the cluster to be active, or 0 to not wait.
wait_for_events string

Can be one of immediate, urgent, high, normal, low, languid. Wait until all currently queued events with the given priority are processed.

Values are immediate, urgent, high, normal, low, or languid.
wait_for_nodes string | number

The request waits until the specified number N of nodes is available. It also accepts >=N, <=N, >N and <N. Alternatively, it is possible to use ge(N), le(N), gt(N) and lt(N) notation.
wait_for_no_initializing_shards boolean

A boolean value which controls whether to wait (until the timeout provided) for the cluster to have no shard initializations. Defaults to false, which means it will not wait for initializing shards.
wait_for_no_relocating_shards boolean

A boolean value which controls whether to wait (until the timeout provided) for the cluster to have no shard relocations. Defaults to false, which means it will not wait for relocating shards.
wait_for_status string
One of green, yellow or red. Will wait (until the timeout provided) until the status of the cluster changes to the one provided or better, i.e. green > yellow > red. By default, will not wait for any status.

Supported values include:
- green (or GREEN): All shards are assigned.
- yellow (or YELLOW): All primary shards are assigned, but one or more replica shards are unassigned. If a node in the cluster fails, some data could be unavailable until that node is repaired.
- red (or RED): One or more primary shards are unassigned, so some data is unavailable. This can occur briefly during cluster startup as primary shards are assigned.
Values are green, GREEN, yellow, YELLOW, red, or RED.

Responses

200 application/json
Hide response attributes Show response attributes object
- active_primary_shards number Required
  
  The number of active primary shards.
- active_shards number Required
  
  The total number of active primary and replica shards.
- active_shards_percent string
  
  The ratio of active shards in the cluster expressed as a string formatted percentage.
- active_shards_percent_as_number number Required
  
  The ratio of active shards in the cluster expressed as a percentage.
- cluster_name string Required
- delayed_unassigned_shards number Required
  
  The number of shards whose allocation has been delayed by the timeout settings.
- indices object
  
  Hide indices attribute Show indices attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  active_primary_shards number Required
  
  active_shards number Required
  
  initializing_shards number Required
  
  number_of_replicas number Required
  
  number_of_shards number Required
  
  relocating_shards number Required
  
  shards object
  
  Hide shards attribute Show shards attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  active_shards number Required
  
  initializing_shards number Required
  
  primary_active boolean Required
  
  relocating_shards number Required
  
  status string Required
  
  Values are green, GREEN, yellow, YELLOW, red, or RED.
  
  unassigned_shards number Required
  
  unassigned_primary_shards number Required
  
  status string Required
  
  Values are green, GREEN, yellow, YELLOW, red, or RED.
  
  unassigned_shards number Required
  
  unassigned_primary_shards number Required
- initializing_shards number Required
  
  The number of shards that are under initialization.
- number_of_data_nodes number Required
  
  The number of nodes that are dedicated data nodes.
- number_of_in_flight_fetch number Required
  
  The number of unfinished fetches.
- number_of_nodes number Required
  
  The number of nodes within the cluster.
- number_of_pending_tasks number Required
  
  The number of cluster-level changes that have not yet been executed.
- relocating_shards number Required
  
  The number of shards that are under relocation.
- status string Required
  
  Values are green, GREEN, yellow, YELLOW, red, or RED.
- task_max_waiting_in_queue string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- task_max_waiting_in_queue_millis number
  
  Time unit for milliseconds
- timed_out boolean Required
  
  If false the response returned within the period of time that is specified by the timeout parameter (30s by default)
- unassigned_primary_shards number Required
  
  The number of primary shards that are not allocated.
- unassigned_shards number Required
  
  The number of shards that are not allocated.

GET /_cluster/health

curl \
 --request GET 'http://api.example.com/_cluster/health' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET _cluster/health`. It is the health status of a quiet single node cluster with a single index with one shard and one replica.

{
  "cluster_name" : "testcluster",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 1,
  "active_shards" : 1,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 1,
  "delayed_unassigned_shards": 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch": 0,
  "task_max_waiting_in_queue_millis": 0,
  "active_shards_percent_as_number": 50.0
}

Get the pending cluster tasks

GET /_cluster/pending_tasks

Api key auth Basic auth Bearer auth

Get information about cluster-level changes (such as create index, update mapping, allocate or fail shard) that have not yet taken effect.

NOTE: This API returns a list of any pending updates to the cluster state. These are distinct from the tasks reported by the task management API which include periodic tasks and tasks initiated by the user, such as node stats, search queries, or create index requests. However, if a user-initiated task such as a create index command causes a cluster state update, the activity of this task might be reported by both task api and pending cluster tasks API.

Query parameters

local boolean

If true, the request retrieves information from the local node only. If false, information is retrieved from the master node.
master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.

Responses

200 application/json
Hide response attribute Show response attribute object
- tasks array[object] Required
  
  Hide tasks attributes Show tasks attributes object
  
  executing boolean Required
  
  Indicates whether the pending tasks are currently executing or not.
  
  insert_order number Required
  
  The number that represents when the task has been inserted into the task queue.
  
  priority string Required
  
  The priority of the pending task. The valid priorities in descending priority order are: IMMEDIATE > URGENT > HIGH > NORMAL > LOW > LANGUID.
  
  source string Required
  
  A general description of the cluster task that may include a reason and origin.
  
  time_in_queue string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  time_in_queue_millis number
  
  Time unit for milliseconds

GET /_cluster/pending_tasks

curl \
 --request GET 'http://api.example.com/_cluster/pending_tasks' \
 --header "Authorization: $API_KEY"

Get node information Added in 1.3.0

GET /_nodes/{metric}

Api key auth Basic auth Bearer auth

By default, the API returns all attributes and core settings for cluster nodes.

Path parameters

metric string | array[string] Required

Limits the information returned to the specific metrics. Supports a comma-separated list, such as http,ingest.

Query parameters

flat_settings boolean

If true, returns settings in flat format.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

Responses

200 application/json
Hide response attributes Show response attributes object
- _nodes object
  
  Hide _nodes attributes Show _nodes attributes object
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  total number Required
  
  Total number of nodes selected by the request.
  
  successful number Required
  
  Number of nodes that responded successfully to the request.
  
  failed number Required
  
  Number of nodes that rejected the request or failed to respond. If this value is not 0, a reason for the rejection or failure is included in the response.
- cluster_name string Required
- nodes object Required
  
  Hide nodes attribute Show nodes attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  attributes object Required
  
  Hide attributes attribute Show attributes attribute object
  
  * string Additional properties
  
  build_flavor string Required
  
  build_hash string Required
  
  Short hash of the last git commit in this release.
  
  build_type string Required
  
  host string Required
  
  http object
  
  Hide http attributes Show http attributes object
  
  bound_address array[string] Required
  
  max_content_length number | string
  
  One of:
  ByteSize number ByteSize string
  
  max_content_length_in_bytes number Required
  
  publish_address string Required
  
  ip string Required
  
  jvm object
  
  Hide jvm attributes Show jvm attributes object
  
  gc_collectors array[string] Required
  
  mem object Required
  
  Hide mem attributes Show mem attributes object
  
  direct_max
  
  direct_max_in_bytes number Required
  
  heap_init
  
  heap_init_in_bytes number Required
  
  heap_max
  
  heap_max_in_bytes number Required
  
  non_heap_init
  
  non_heap_init_in_bytes number Required
  
  non_heap_max
  
  non_heap_max_in_bytes number Required
  
  memory_pools array[string] Required
  
  pid number Required
  
  Time unit for milliseconds
  
  version string Required
  
  vm_name string Required
  
  vm_vendor string Required
  
  vm_version string Required
  
  using_bundled_jdk boolean Required
  
  using_compressed_ordinary_object_pointers boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  input_arguments array[string] Required
  
  name string Required
  
  network object
  
  Hide network attributes Show network attributes object
  
  primary_interface object Required
  
  Hide primary_interface attributes Show primary_interface attributes object
  
  address string Required
  
  mac_address string Required
  
  name string Required
  
  refresh_interval number Required
  
  os object
  
  Hide os attributes Show os attributes object
  
  arch string Required
  
  Name of the JVM architecture (ex: amd64, x86)
  
  available_processors number Required
  
  Number of processors available to the Java virtual machine
  
  allocated_processors number
  
  The number of processors actually used to calculate thread pool size. This number can be set with the node.processors setting of a node and defaults to the number of processors reported by the OS.
  
  name string Required
  
  pretty_name string Required
  
  Time unit for milliseconds
  
  version string Required
  
  cpu object
  
  Hide cpu attributes Show cpu attributes object
  
  cache_size string Required
  
  cache_size_in_bytes number Required
  
  cores_per_socket number Required
  
  mhz number Required
  
  model string Required
  
  total_cores number Required
  
  total_sockets number Required
  
  vendor string Required
  
  mem object
  
  Hide mem attributes Show mem attributes object
  
  total string Required
  
  total_in_bytes number Required
  
  swap object
  
  Hide swap attributes Show swap attributes object
  
  total string Required
  
  total_in_bytes number Required
  
  plugins array[object]
  
  Hide plugins attributes Show plugins attributes object
  
  classname string Required
  
  description string Required
  
  elasticsearch_version string Required
  
  extended_plugins array[string] Required
  
  has_native_controller boolean Required
  
  java_version string Required
  
  name string Required
  
  version string Required
  
  licensed boolean Required
  
  process object
  
  Hide process attributes Show process attributes object
  
  id number Required
  
  Process identifier (PID)
  
  mlockall boolean Required
  
  Indicates if the process address space has been successfully locked in memory
  
  Time unit for milliseconds
  
  roles array[string] Required
  
  @doc_id node-roles
  
  Values are master, data, data_cold, data_content, data_frozen, data_hot, data_warm, client, ingest, ml, voting_only, transform, remote_cluster_client, or coordinating_only.
  
  settings object
  
  Hide settings attributes Show settings attributes object
  
  cluster object Required
  
  Hide cluster attributes Show cluster attributes object
  
  name string Required
  
  routing object
  
  election object Required
  
  initial_master_nodes array[string]
  
  deprecation_indexing object
  
  node object Required
  
  Hide node attributes Show node attributes object
  
  name string Required
  
  attr object Required
  
  max_local_storage_nodes string
  
  path object
  
  Hide path attributes Show path attributes object
  
  logs string
  
  home string
  
  repo array[string]
  
  data
  
  repositories object
  
  Hide repositories attribute Show repositories attribute object
  
  url object Required
  
  discovery object
  
  Hide discovery attributes Show discovery attributes object
  
  seed_hosts array[string]
  
  type string
  
  seed_providers array[string]
  
  action object
  
  Hide action attribute Show action attribute object
  
  destructive_requires_name string Required
  
  client object
  
  Hide client attribute Show client attribute object
  
  type string Required
  
  http object Required
  
  Hide http attributes Show http attributes object
  
  type object Required
  
  type.default string
  
  compression
  
  port
  
  bootstrap object
  
  Hide bootstrap attribute Show bootstrap attribute object
  
  memory_lock string Required
  
  transport object Required
  
  Hide transport attributes Show transport attributes object
  
  type object Required
  
  type.default string
  
  features object
  
  network object
  
  Hide network attribute Show network attribute object
  
  host
  
  xpack object
  
  Hide xpack attributes Show xpack attributes object
  
  license object
  
  security object Required
  
  notification object
  
  ml object
  
  script object
  
  Hide script attributes Show script attributes object
  
  allowed_types string Required
  
  disable_max_compilations_rate string
  
  search object
  
  Hide search attribute Show search attribute object
  
  remote object Required
  
  ingest object
  
  Hide ingest attributes Show ingest attributes object
  
  attachment object
  
  append object
  
  csv object
  
  convert object
  
  date object
  
  date_index_name object
  
  dot_expander object
  
  enrich object
  
  fail object
  
  foreach object
  
  json object
  
  user_agent object
  
  kv object
  
  geoip object
  
  grok object
  
  gsub object
  
  join object
  
  lowercase object
  
  remove object
  
  rename object
  
  script object
  
  set object
  
  sort object
  
  split object
  
  trim object
  
  uppercase object
  
  urldecode object
  
  bytes object
  
  dissect object
  
  set_security_user object
  
  pipeline object
  
  drop object
  
  circle object
  
  inference object
  
  thread_pool object
  
  Hide thread_pool attribute Show thread_pool attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  core number
  
  keep_alive string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  max number
  
  queue_size number Required
  
  size number
  
  type string Required
  
  total_indexing_buffer number
  
  Total heap allowed to be used to hold recently indexed documents before they must be written to disk. This size is a shared pool across all shards on this node, and is controlled by Indexing Buffer settings.
  
  total_indexing_buffer_in_bytes number | string
  
  One of:
  ByteSize number ByteSize string
  
  transport object
  
  Hide transport attributes Show transport attributes object
  
  bound_address array[string] Required
  
  publish_address string Required
  
  profiles object Required
  
  Hide profiles attribute Show profiles attribute object
  
  * string Additional properties
  
  transport_address string Required
  
  version string Required
  
  modules array[object]
  
  Hide modules attributes Show modules attributes object
  
  classname string Required
  
  description string Required
  
  elasticsearch_version string Required
  
  extended_plugins array[string] Required
  
  has_native_controller boolean Required
  
  java_version string Required
  
  name string Required
  
  version string Required
  
  licensed boolean Required
  
  ingest object
  
  Hide ingest attribute Show ingest attribute object
  
  processors array[object] Required
  
  aggregations object
  
  Hide aggregations attribute Show aggregations attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  types array[string] Required

GET /_nodes/{metric}

curl \
 --request GET 'http://api.example.com/_nodes/{metric}' \
 --header "Authorization: $API_KEY"

Response examples (200)

An abbreviated response when requesting cluster nodes information.

{
    "_nodes": {},
    "cluster_name": "elasticsearch",
    "nodes": {
      "USpTGYaBSIKbgSUJR2Z9lg": {
        "name": "node-0",
        "transport_address": "192.168.17:9300",
        "host": "node-0.elastic.co",
        "ip": "192.168.17",
        "version": "{version}",
        "transport_version": 100000298,
        "index_version": 100000074,
        "component_versions": {
          "ml_config_version": 100000162,
          "transform_config_version": 100000096
        },
        "build_flavor": "default",
        "build_type": "{build_type}",
        "build_hash": "587409e",
        "roles": [
          "master",
          "data",
          "ingest"
        ],
        "attributes": {},
        "plugins": [
          {
            "name": "analysis-icu",
            "version": "{version}",
            "description": "The ICU Analysis plugin integrates Lucene ICU
  module into elasticsearch, adding ICU relates analysis components.",
            "classname":
  "org.elasticsearch.plugin.analysis.icu.AnalysisICUPlugin",
            "has_native_controller": false
          }
        ],
        "modules": [
          {
            "name": "lang-painless",
            "version": "{version}",
            "description": "An easy, safe and fast scripting language for
  Elasticsearch",
            "classname": "org.elasticsearch.painless.PainlessPlugin",
            "has_native_controller": false
          }
        ]
      }
    }
}

Reload the keystore on nodes in the cluster Added in 6.5.0

POST /_nodes/{node_id}/reload_secure_settings

Api key auth Basic auth Bearer auth

Secure settings are stored in an on-disk keystore. Certain of these settings are reloadable. That is, you can change them on disk and reload them without restarting any nodes in the cluster. When you have updated reloadable secure settings in your keystore, you can use this API to reload those settings on each node.

When the Elasticsearch keystore is password protected and not simply obfuscated, you must provide the password for the keystore when you reload the secure settings. Reloading the settings for the whole cluster assumes that the keystores for all nodes are protected with the same password; this method is allowed only when inter-node communications are encrypted. Alternatively, you can reload the secure settings on each node by locally accessing the API and passing the node-specific Elasticsearch keystore password.

Path parameters

node_id string | array[string] Required

The names of particular nodes in the cluster to target.

Query parameters

timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

application/json

Body

secure_settings_password string

Responses

200 application/json
Hide response attributes Show response attributes object
- _nodes object
  
  Hide _nodes attributes Show _nodes attributes object
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  total number Required
  
  Total number of nodes selected by the request.
  
  successful number Required
  
  Number of nodes that responded successfully to the request.
  
  failed number Required
  
  Number of nodes that rejected the request or failed to respond. If this value is not 0, a reason for the rejection or failure is included in the response.
- cluster_name string Required
- nodes object Required
  
  Hide nodes attribute Show nodes attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  name string Required
  
  reload_exception object
  
  Hide reload_exception attributes Show reload_exception attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]

POST /_nodes/{node_id}/reload_secure_settings

curl \
 --request POST 'http://api.example.com/_nodes/{node_id}/reload_secure_settings' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"secure_settings_password\": \"keystore-password\"\n}"'

Request example

Run `POST _nodes/reload_secure_settings` to reload the keystore on nodes in the cluster.

{
  "secure_settings_password": "keystore-password"
}

Response examples (200)

A successful response when reloading keystore on nodes in your cluster.

{
  "_nodes": {
    "total": 1,
    "successful": 1,
    "failed": 0
  },
  "cluster_name": "my_cluster",
  "nodes": {
    "pQHNt5rXTTWNvUgOrdynKg": {
      "name": "node-0"
    }
  }
}

Get node statistics

GET /_nodes/{node_id}/stats

Api key auth Basic auth Bearer auth

Get statistics for nodes in a cluster. By default, all stats are returned. You can limit the returned information by using metrics.

Path parameters

node_id string | array[string] Required

Comma-separated list of node IDs or names used to limit returned information.

Query parameters

completion_fields string | array[string]

Comma-separated list or wildcard expressions of fields to include in fielddata and suggest statistics.
fielddata_fields string | array[string]

Comma-separated list or wildcard expressions of fields to include in fielddata statistics.
fields string | array[string]

Comma-separated list or wildcard expressions of fields to include in the statistics.
groups boolean

Comma-separated list of search groups to include in the search statistics.
include_segment_file_sizes boolean

If true, the call reports the aggregated disk usage of each one of the Lucene index files (only applies if segment stats are requested).
level string

Indicates whether statistics are aggregated at the cluster, index, or shard level.

Values are cluster, indices, or shards.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
types array[string]

A comma-separated list of document types for the indexing index metric.
include_unloaded_segments boolean

If true, the response includes information from segments that are not loaded into memory.

Responses

200 application/json
Hide response attributes Show response attributes object
- _nodes object
  
  Hide _nodes attributes Show _nodes attributes object
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  total number Required
  
  Total number of nodes selected by the request.
  
  successful number Required
  
  Number of nodes that responded successfully to the request.
  
  failed number Required
  
  Number of nodes that rejected the request or failed to respond. If this value is not 0, a reason for the rejection or failure is included in the response.
- cluster_name string
- nodes object Required
  
  Hide nodes attribute Show nodes attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  adaptive_selection object
  
  Statistics about adaptive replica selection.
  
  Hide adaptive_selection attribute Show adaptive_selection attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  avg_queue_size number
  
  The exponentially weighted moving average queue size of search requests on the keyed node.
  
  avg_response_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  avg_response_time_ns number
  
  The exponentially weighted moving average response time, in nanoseconds, of search requests on the keyed node.
  
  avg_service_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  avg_service_time_ns number
  
  The exponentially weighted moving average service time, in nanoseconds, of search requests on the keyed node.
  
  outgoing_searches number
  
  The number of outstanding search requests to the keyed node from the node these stats are for.
  
  rank string
  
  The rank of this node; used for shard selection when routing search requests.
  
  breakers object
  
  Statistics about the field data circuit breaker.
  
  Hide breakers attribute Show breakers attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  estimated_size string
  
  Estimated memory used for the operation.
  
  estimated_size_in_bytes number
  
  Estimated memory used, in bytes, for the operation.
  
  limit_size string
  
  Memory limit for the circuit breaker.
  
  limit_size_in_bytes number
  
  Memory limit, in bytes, for the circuit breaker.
  
  overhead number
  
  A constant that all estimates for the circuit breaker are multiplied with to calculate a final estimate.
  
  tripped number
  
  Total number of times the circuit breaker has been triggered and prevented an out of memory error.
  
  fs object
  
  Hide fs attributes Show fs attributes object
  
  data array[object]
  
  List of all file stores.
  
  timestamp number
  
  Last time the file stores statistics were refreshed. Recorded in milliseconds since the Unix Epoch.
  
  total object
  
  Hide total attributes Show total attributes object
  
  available string
  
  Total disk space available to this Java virtual machine on all file stores. Depending on OS or process level restrictions, this might appear less than free. This is the actual amount of free disk space the Elasticsearch node can utilise.
  
  available_in_bytes number
  
  Total number of bytes available to this Java virtual machine on all file stores. Depending on OS or process level restrictions, this might appear less than free_in_bytes. This is the actual amount of free disk space the Elasticsearch node can utilise.
  
  free string
  
  Total unallocated disk space in all file stores.
  
  free_in_bytes number
  
  Total number of unallocated bytes in all file stores.
  
  total string
  
  Total size of all file stores.
  
  total_in_bytes number
  
  Total size of all file stores in bytes.
  
  io_stats object
  
  Hide io_stats attributes Show io_stats attributes object
  
  devices array[object]
  
  Array of disk metrics for each device that is backing an Elasticsearch data path. These disk metrics are probed periodically and averages between the last probe and the current probe are computed.
  
  total object
  
  host string
  
  http object
  
  Hide http attributes Show http attributes object
  
  current_open number
  
  Current number of open HTTP connections for the node.
  
  total_opened number
  
  Total number of HTTP connections opened for the node.
  
  clients array[object]
  
  Information on current and recently-closed HTTP client connections. Clients that have been closed longer than the http.client_stats.closed_channels.max_age setting will not be represented here.
  
  routes object Required Added in 8.12.0
  
  Detailed HTTP stats broken down by route
  
  Hide routes attribute Show routes attribute object
  
  * object Additional properties
  
  ingest object
  
  Hide ingest attributes Show ingest attributes object
  
  pipelines object
  
  Contains statistics about ingest pipelines for the node.
  
  Hide pipelines attribute Show pipelines attribute object
  
  * object Additional properties
  
  total object
  
  Hide total attributes Show total attributes object
  
  count number Required
  
  Total number of documents ingested during the lifetime of this node.
  
  current number Required
  
  Total number of documents currently being ingested.
  
  failed number Required
  
  Total number of failed ingest operations during the lifetime of this node.
  
  ip string | array[string]
  
  IP address and port for the node.
  
  One of:
  Ip string array-2 array[string]
  
  jvm object
  
  Hide jvm attributes Show jvm attributes object
  
  buffer_pools object
  
  Contains statistics about JVM buffer pools for the node.
  
  Hide buffer_pools attribute Show buffer_pools attribute object
  
  * object Additional properties
  
  classes object
  
  Hide classes attributes Show classes attributes object
  
  current_loaded_count number
  
  Number of classes currently loaded by JVM.
  
  total_loaded_count number
  
  Total number of classes loaded since the JVM started.
  
  total_unloaded_count number
  
  Total number of classes unloaded since the JVM started.
  
  gc object
  
  Hide gc attribute Show gc attribute object
  
  collectors object
  
  Contains statistics about JVM garbage collectors for the node.
  
  mem object
  
  Hide mem attributes Show mem attributes object
  
  heap_used_in_bytes number
  
  Memory, in bytes, currently in use by the heap.
  
  heap_used_percent number
  
  Percentage of memory currently in use by the heap.
  
  heap_committed_in_bytes number
  
  Amount of memory, in bytes, available for use by the heap.
  
  heap_max_in_bytes number
  
  Maximum amount of memory, in bytes, available for use by the heap.
  
  non_heap_used_in_bytes number
  
  Non-heap memory used, in bytes.
  
  non_heap_committed_in_bytes number
  
  Amount of non-heap memory available, in bytes.
  
  pools object
  
  Contains statistics about heap memory usage for the node.
  
  threads object
  
  Hide threads attributes Show threads attributes object
  
  count number
  
  Number of active threads in use by JVM.
  
  peak_count number
  
  Highest number of threads used by JVM.
  
  timestamp number
  
  Last time JVM statistics were refreshed.
  
  uptime string
  
  Human-readable JVM uptime. Only returned if the human query parameter is true.
  
  uptime_in_millis number
  
  JVM uptime in milliseconds.
  
  name string
  
  os object
  
  Hide os attributes Show os attributes object
  
  cpu object
  
  Hide cpu attributes Show cpu attributes object
  
  percent number
  
  sys string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  user string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  load_average object
  
  swap object
  
  Hide swap attributes Show swap attributes object
  
  adjusted_total_in_bytes number
  
  If the amount of physical memory has been overridden using the es.total_memory_bytes system property then this reports the overridden value in bytes. Otherwise it reports the same value as total_in_bytes.
  
  resident string
  
  resident_in_bytes number
  
  share string
  
  share_in_bytes number
  
  total_virtual string
  
  total_virtual_in_bytes number
  
  total_in_bytes number
  
  Total amount of physical memory in bytes.
  
  free_in_bytes number
  
  Amount of free physical memory in bytes.
  
  used_in_bytes number
  
  Amount of used physical memory in bytes.
  
  cgroup object
  
  Hide cgroup attributes Show cgroup attributes object
  
  cpuacct object
  
  cpu object
  
  memory object
  
  timestamp number
  
  process object
  
  Hide process attributes Show process attributes object
  
  cpu object
  
  Hide cpu attributes Show cpu attributes object
  
  percent number
  
  sys string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  user string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  load_average object
  
  mem object
  
  Hide mem attributes Show mem attributes object
  
  adjusted_total_in_bytes number
  
  If the amount of physical memory has been overridden using the es.total_memory_bytes system property then this reports the overridden value in bytes. Otherwise it reports the same value as total_in_bytes.
  
  resident string
  
  resident_in_bytes number
  
  share string
  
  share_in_bytes number
  
  total_virtual string
  
  total_virtual_in_bytes number
  
  total_in_bytes number
  
  Total amount of physical memory in bytes.
  
  free_in_bytes number
  
  Amount of free physical memory in bytes.
  
  used_in_bytes number
  
  Amount of used physical memory in bytes.
  
  open_file_descriptors number
  
  Number of opened file descriptors associated with the current or -1 if not supported.
  
  max_file_descriptors number
  
  Maximum number of file descriptors allowed on the system, or -1 if not supported.
  
  timestamp number
  
  Last time the statistics were refreshed. Recorded in milliseconds since the Unix Epoch.
  
  roles array[string]
  
  @doc_id node-roles
  
  Values are master, data, data_cold, data_content, data_frozen, data_hot, data_warm, client, ingest, ml, voting_only, transform, remote_cluster_client, or coordinating_only.
  
  script object
  
  Hide script attributes Show script attributes object
  
  cache_evictions number
  
  Total number of times the script cache has evicted old data.
  
  compilations number
  
  Total number of inline script compilations performed by the node.
  
  compilations_history object
  
  Contains this recent history of script compilations.
  
  Hide compilations_history attribute Show compilations_history attribute object
  
  * number Additional properties
  
  compilation_limit_triggered number
  
  Total number of times the script compilation circuit breaker has limited inline script compilations.
  
  contexts array[object]
  
  script_cache object
  
  thread_pool object
  
  Statistics about each thread pool, including current size, queue and rejected tasks.
  
  Hide thread_pool attribute Show thread_pool attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  active number
  
  Number of active threads in the thread pool.
  
  completed number
  
  Number of tasks completed by the thread pool executor.
  
  largest number
  
  Highest number of active threads in the thread pool.
  
  queue number
  
  Number of tasks in queue for the thread pool.
  
  rejected number
  
  Number of tasks rejected by the thread pool executor.
  
  threads number
  
  Number of threads in the thread pool.
  
  timestamp number
  
  transport object
  
  Hide transport attributes Show transport attributes object
  
  inbound_handling_time_histogram array[object]
  
  The distribution of the time spent handling each inbound message on a transport thread, represented as a histogram.
  
  outbound_handling_time_histogram array[object]
  
  The distribution of the time spent sending each outbound transport message on a transport thread, represented as a histogram.
  
  rx_count number
  
  Total number of RX (receive) packets received by the node during internal cluster communication.
  
  rx_size string
  
  Size of RX packets received by the node during internal cluster communication.
  
  rx_size_in_bytes number
  
  Size, in bytes, of RX packets received by the node during internal cluster communication.
  
  server_open number
  
  Current number of inbound TCP connections used for internal communication between nodes.
  
  tx_count number
  
  Total number of TX (transmit) packets sent by the node during internal cluster communication.
  
  tx_size string
  
  Size of TX packets sent by the node during internal cluster communication.
  
  tx_size_in_bytes number
  
  Size, in bytes, of TX packets sent by the node during internal cluster communication.
  
  total_outbound_connections number
  
  The cumulative number of outbound transport connections that this node has opened since it started. Each transport connection may comprise multiple TCP connections but is only counted once in this statistic. Transport connections are typically long-lived so this statistic should remain constant in a stable cluster.
  
  transport_address string
  
  attributes object
  
  Contains a list of attributes for the node.
  
  Hide attributes attribute Show attributes attribute object
  
  * string Additional properties
  
  discovery object
  
  Hide discovery attributes Show discovery attributes object
  
  cluster_state_queue object
  
  Hide cluster_state_queue attributes Show cluster_state_queue attributes object
  
  total number
  
  Total number of cluster states in queue.
  
  pending number
  
  Number of pending cluster states in queue.
  
  committed number
  
  Number of committed cluster states in queue.
  
  published_cluster_states object
  
  Hide published_cluster_states attributes Show published_cluster_states attributes object
  
  full_states number
  
  Number of published cluster states.
  
  incompatible_diffs number
  
  Number of incompatible differences between published cluster states.
  
  compatible_diffs number
  
  Number of compatible differences between published cluster states.
  
  cluster_state_update object
  
  Contains low-level statistics about how long various activities took during cluster state updates while the node was the elected master. Omitted if the node is not master-eligible. Every field whose name ends in _time within this object is also represented as a raw number of milliseconds in a field whose name ends in _time_millis. The human-readable fields with a _time suffix are only returned if requested with the ?human=true query parameter.
  
  Hide cluster_state_update attribute Show cluster_state_update attribute object
  
  * object Additional properties
  
  serialized_cluster_states object
  
  Hide serialized_cluster_states attributes Show serialized_cluster_states attributes object
  
  full_states object
  
  diffs object
  
  cluster_applier_stats object
  
  Hide cluster_applier_stats attribute Show cluster_applier_stats attribute object
  
  recordings array[object]
  
  indexing_pressure object
  
  Hide indexing_pressure attribute Show indexing_pressure attribute object
  
  memory object
  
  Hide memory attributes Show memory attributes object
  
  limit
  
  limit_in_bytes number
  
  Configured memory limit, in bytes, for the indexing requests. Replica requests have an automatic limit that is 1.5x this value.
  
  current object
  
  total object
  
  indices object
  
  Hide indices attributes Show indices attributes object
  
  commit object
  
  Hide commit attributes Show commit attributes object
  
  generation number Required
  
  id string Required
  
  num_docs number Required
  
  user_data object Required
  
  completion object
  
  Hide completion attributes Show completion attributes object
  
  size_in_bytes number Required
  
  Total amount, in bytes, of memory used for completion across all shards assigned to selected nodes.
  
  size
  
  fields object
  
  docs object
  
  Hide docs attributes Show docs attributes object
  
  count number Required
  
  Total number of non-deleted documents across all primary shards assigned to selected nodes. This number is based on documents in Lucene segments and may include documents from nested fields.
  
  deleted number
  
  Total number of deleted documents across all primary shards assigned to selected nodes. This number is based on documents in Lucene segments. Elasticsearch reclaims the disk space of deleted Lucene documents when a segment is merged.
  
  fielddata object
  
  Hide fielddata attributes Show fielddata attributes object
  
  evictions number
  
  memory_size
  
  memory_size_in_bytes number Required
  
  fields object
  
  flush object
  
  Hide flush attributes Show flush attributes object
  
  periodic number Required
  
  total number Required
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  get object
  
  Hide get attributes Show get attributes object
  
  current number Required
  
  exists_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  exists_total number Required
  
  missing_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  missing_total number Required
  
  time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total number Required
  
  indexing object
  
  Hide indexing attributes Show indexing attributes object
  
  index_current number Required
  
  delete_current number Required
  
  delete_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  delete_total number Required
  
  is_throttled boolean Required
  
  noop_update_total number Required
  
  throttle_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  index_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  index_total number Required
  
  index_failed number Required
  
  types object
  
  write_load number
  
  mappings object
  
  Hide mappings attributes Show mappings attributes object
  
  total_count number Required
  
  total_estimated_overhead
  
  total_estimated_overhead_in_bytes number Required
  
  merges object
  
  Hide merges attributes Show merges attributes object
  
  current number Required
  
  current_docs number Required
  
  current_size string
  
  current_size_in_bytes number Required
  
  total number Required
  
  total_auto_throttle string
  
  total_auto_throttle_in_bytes number Required
  
  total_docs number Required
  
  total_size string
  
  total_size_in_bytes number Required
  
  total_stopped_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_throttled_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  shard_path object
  
  Hide shard_path attributes Show shard_path attributes object
  
  data_path string Required
  
  is_custom_data_path boolean Required
  
  state_path string Required
  
  query_cache object
  
  Hide query_cache attributes Show query_cache attributes object
  
  cache_count number Required
  
  cache_size number Required
  
  evictions number Required
  
  hit_count number Required
  
  memory_size_in_bytes number Required
  
  miss_count number Required
  
  total_count number Required
  
  recovery object
  
  Hide recovery attributes Show recovery attributes object
  
  current_as_source number Required
  
  current_as_target number Required
  
  throttle_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  refresh object
  
  Hide refresh attributes Show refresh attributes object
  
  external_total number Required
  
  listeners number Required
  
  total number Required
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  request_cache object
  
  Hide request_cache attributes Show request_cache attributes object
  
  evictions number Required
  
  hit_count number Required
  
  memory_size string
  
  memory_size_in_bytes number Required
  
  miss_count number Required
  
  retention_leases object
  
  Hide retention_leases attributes Show retention_leases attributes object
  
  primary_term number Required
  
  version number Required
  
  leases array[object] Required
  
  routing object
  
  Hide routing attributes Show routing attributes object
  
  node string Required
  
  primary boolean Required
  
  relocating_node
  
  state string Required
  
  Values are UNASSIGNED, INITIALIZING, STARTED, or RELOCATING.
  
  search object
  
  Hide search attributes Show search attributes object
  
  fetch_current number Required
  
  fetch_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  fetch_total number Required
  
  open_contexts number
  
  query_current number Required
  
  query_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  query_total number Required
  
  scroll_current number Required
  
  scroll_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  scroll_total number Required
  
  suggest_current number Required
  
  suggest_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  suggest_total number Required
  
  groups object
  
  segments object
  
  Hide segments attributes Show segments attributes object
  
  count number Required
  
  Total number of segments across all shards assigned to selected nodes.
  
  doc_values_memory
  
  doc_values_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for doc values across all shards assigned to selected nodes.
  
  file_sizes object Required
  
  This object is not populated by the cluster stats API. To get information on segment files, use the node stats API.
  
  fixed_bit_set
  
  fixed_bit_set_memory_in_bytes number Required
  
  Total amount of memory, in bytes, used by fixed bit sets across all shards assigned to selected nodes.
  
  index_writer_memory
  
  index_writer_max_memory_in_bytes number
  
  index_writer_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used by all index writers across all shards assigned to selected nodes.
  
  max_unsafe_auto_id_timestamp number Required
  
  Unix timestamp, in milliseconds, of the most recently retried indexing request.
  
  memory
  
  memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for segments across all shards assigned to selected nodes.
  
  norms_memory
  
  norms_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for normalization factors across all shards assigned to selected nodes.
  
  points_memory
  
  points_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for points across all shards assigned to selected nodes.
  
  stored_memory
  
  stored_fields_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for stored fields across all shards assigned to selected nodes.
  
  terms_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for terms across all shards assigned to selected nodes.
  
  terms_memory
  
  term_vectory_memory
  
  term_vectors_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for term vectors across all shards assigned to selected nodes.
  
  version_map_memory
  
  version_map_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used by all version maps across all shards assigned to selected nodes.
  
  seq_no object
  
  Hide seq_no attributes Show seq_no attributes object
  
  global_checkpoint number Required
  
  local_checkpoint number Required
  
  max_seq_no number Required
  
  store object
  
  Hide store attributes Show store attributes object
  
  size
  
  size_in_bytes number Required
  
  Total size, in bytes, of all shards assigned to selected nodes.
  
  reserved
  
  reserved_in_bytes number Required
  
  A prediction, in bytes, of how much larger the shard stores will eventually grow due to ongoing peer recoveries, restoring snapshots, and similar activities.
  
  total_data_set_size
  
  total_data_set_size_in_bytes number
  
  Total data set size, in bytes, of all shards assigned to selected nodes. This includes the size of shards not stored fully on the nodes, such as the cache for partially mounted indices.
  
  translog object
  
  Hide translog attributes Show translog attributes object
  
  earliest_last_modified_age number Required
  
  operations number Required
  
  size string
  
  size_in_bytes number Required
  
  uncommitted_operations number Required
  
  uncommitted_size string
  
  uncommitted_size_in_bytes number Required
  
  warmer object
  
  Hide warmer attributes Show warmer attributes object
  
  current number Required
  
  total number Required
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  bulk object
  
  Hide bulk attributes Show bulk attributes object
  
  total_operations number Required
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_size
  
  total_size_in_bytes number Required
  
  avg_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  avg_size
  
  avg_size_in_bytes number Required
  
  shards object
  
  Hide shards attribute Show shards attribute object
  
  * object Additional properties
  
  shard_stats object
  
  Hide shard_stats attribute Show shard_stats attribute object
  
  total_count number Required
  
  indices object Additional properties
  
  Hide indices attributes Show indices attributes object
  
  primaries object
  
  shards object
  
  total object
  
  uuid string
  
  health string
  
  Values are green, GREEN, yellow, YELLOW, red, or RED.
  
  status string
  
  Values are open or close.

GET /_nodes/{node_id}/stats

curl \
 --request GET 'http://api.example.com/_nodes/{node_id}/stats' \
 --header "Authorization: $API_KEY"

Get node statistics

GET /_nodes/stats/{metric}

Api key auth Basic auth Bearer auth

Get statistics for nodes in a cluster. By default, all stats are returned. You can limit the returned information by using metrics.

Path parameters

metric string | array[string] Required

Limit the information returned to the specified metrics

Query parameters

completion_fields string | array[string]

Comma-separated list or wildcard expressions of fields to include in fielddata and suggest statistics.
fielddata_fields string | array[string]

Comma-separated list or wildcard expressions of fields to include in fielddata statistics.
fields string | array[string]

Comma-separated list or wildcard expressions of fields to include in the statistics.
groups boolean

Comma-separated list of search groups to include in the search statistics.
include_segment_file_sizes boolean

If true, the call reports the aggregated disk usage of each one of the Lucene index files (only applies if segment stats are requested).
level string

Indicates whether statistics are aggregated at the cluster, index, or shard level.

Values are cluster, indices, or shards.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
types array[string]

A comma-separated list of document types for the indexing index metric.
include_unloaded_segments boolean

If true, the response includes information from segments that are not loaded into memory.

Responses

200 application/json
Hide response attributes Show response attributes object
- _nodes object
  
  Hide _nodes attributes Show _nodes attributes object
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  total number Required
  
  Total number of nodes selected by the request.
  
  successful number Required
  
  Number of nodes that responded successfully to the request.
  
  failed number Required
  
  Number of nodes that rejected the request or failed to respond. If this value is not 0, a reason for the rejection or failure is included in the response.
- cluster_name string
- nodes object Required
  
  Hide nodes attribute Show nodes attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  adaptive_selection object
  
  Statistics about adaptive replica selection.
  
  Hide adaptive_selection attribute Show adaptive_selection attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  avg_queue_size number
  
  The exponentially weighted moving average queue size of search requests on the keyed node.
  
  avg_response_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  avg_response_time_ns number
  
  The exponentially weighted moving average response time, in nanoseconds, of search requests on the keyed node.
  
  avg_service_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  avg_service_time_ns number
  
  The exponentially weighted moving average service time, in nanoseconds, of search requests on the keyed node.
  
  outgoing_searches number
  
  The number of outstanding search requests to the keyed node from the node these stats are for.
  
  rank string
  
  The rank of this node; used for shard selection when routing search requests.
  
  breakers object
  
  Statistics about the field data circuit breaker.
  
  Hide breakers attribute Show breakers attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  estimated_size string
  
  Estimated memory used for the operation.
  
  estimated_size_in_bytes number
  
  Estimated memory used, in bytes, for the operation.
  
  limit_size string
  
  Memory limit for the circuit breaker.
  
  limit_size_in_bytes number
  
  Memory limit, in bytes, for the circuit breaker.
  
  overhead number
  
  A constant that all estimates for the circuit breaker are multiplied with to calculate a final estimate.
  
  tripped number
  
  Total number of times the circuit breaker has been triggered and prevented an out of memory error.
  
  fs object
  
  Hide fs attributes Show fs attributes object
  
  data array[object]
  
  List of all file stores.
  
  timestamp number
  
  Last time the file stores statistics were refreshed. Recorded in milliseconds since the Unix Epoch.
  
  total object
  
  Hide total attributes Show total attributes object
  
  available string
  
  Total disk space available to this Java virtual machine on all file stores. Depending on OS or process level restrictions, this might appear less than free. This is the actual amount of free disk space the Elasticsearch node can utilise.
  
  available_in_bytes number
  
  Total number of bytes available to this Java virtual machine on all file stores. Depending on OS or process level restrictions, this might appear less than free_in_bytes. This is the actual amount of free disk space the Elasticsearch node can utilise.
  
  free string
  
  Total unallocated disk space in all file stores.
  
  free_in_bytes number
  
  Total number of unallocated bytes in all file stores.
  
  total string
  
  Total size of all file stores.
  
  total_in_bytes number
  
  Total size of all file stores in bytes.
  
  io_stats object
  
  Hide io_stats attributes Show io_stats attributes object
  
  devices array[object]
  
  Array of disk metrics for each device that is backing an Elasticsearch data path. These disk metrics are probed periodically and averages between the last probe and the current probe are computed.
  
  total object
  
  host string
  
  http object
  
  Hide http attributes Show http attributes object
  
  current_open number
  
  Current number of open HTTP connections for the node.
  
  total_opened number
  
  Total number of HTTP connections opened for the node.
  
  clients array[object]
  
  Information on current and recently-closed HTTP client connections. Clients that have been closed longer than the http.client_stats.closed_channels.max_age setting will not be represented here.
  
  routes object Required Added in 8.12.0
  
  Detailed HTTP stats broken down by route
  
  Hide routes attribute Show routes attribute object
  
  * object Additional properties
  
  ingest object
  
  Hide ingest attributes Show ingest attributes object
  
  pipelines object
  
  Contains statistics about ingest pipelines for the node.
  
  Hide pipelines attribute Show pipelines attribute object
  
  * object Additional properties
  
  total object
  
  Hide total attributes Show total attributes object
  
  count number Required
  
  Total number of documents ingested during the lifetime of this node.
  
  current number Required
  
  Total number of documents currently being ingested.
  
  failed number Required
  
  Total number of failed ingest operations during the lifetime of this node.
  
  ip string | array[string]
  
  IP address and port for the node.
  
  One of:
  Ip string array-2 array[string]
  
  jvm object
  
  Hide jvm attributes Show jvm attributes object
  
  buffer_pools object
  
  Contains statistics about JVM buffer pools for the node.
  
  Hide buffer_pools attribute Show buffer_pools attribute object
  
  * object Additional properties
  
  classes object
  
  Hide classes attributes Show classes attributes object
  
  current_loaded_count number
  
  Number of classes currently loaded by JVM.
  
  total_loaded_count number
  
  Total number of classes loaded since the JVM started.
  
  total_unloaded_count number
  
  Total number of classes unloaded since the JVM started.
  
  gc object
  
  Hide gc attribute Show gc attribute object
  
  collectors object
  
  Contains statistics about JVM garbage collectors for the node.
  
  mem object
  
  Hide mem attributes Show mem attributes object
  
  heap_used_in_bytes number
  
  Memory, in bytes, currently in use by the heap.
  
  heap_used_percent number
  
  Percentage of memory currently in use by the heap.
  
  heap_committed_in_bytes number
  
  Amount of memory, in bytes, available for use by the heap.
  
  heap_max_in_bytes number
  
  Maximum amount of memory, in bytes, available for use by the heap.
  
  non_heap_used_in_bytes number
  
  Non-heap memory used, in bytes.
  
  non_heap_committed_in_bytes number
  
  Amount of non-heap memory available, in bytes.
  
  pools object
  
  Contains statistics about heap memory usage for the node.
  
  threads object
  
  Hide threads attributes Show threads attributes object
  
  count number
  
  Number of active threads in use by JVM.
  
  peak_count number
  
  Highest number of threads used by JVM.
  
  timestamp number
  
  Last time JVM statistics were refreshed.
  
  uptime string
  
  Human-readable JVM uptime. Only returned if the human query parameter is true.
  
  uptime_in_millis number
  
  JVM uptime in milliseconds.
  
  name string
  
  os object
  
  Hide os attributes Show os attributes object
  
  cpu object
  
  Hide cpu attributes Show cpu attributes object
  
  percent number
  
  sys string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  user string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  load_average object
  
  swap object
  
  Hide swap attributes Show swap attributes object
  
  adjusted_total_in_bytes number
  
  If the amount of physical memory has been overridden using the es.total_memory_bytes system property then this reports the overridden value in bytes. Otherwise it reports the same value as total_in_bytes.
  
  resident string
  
  resident_in_bytes number
  
  share string
  
  share_in_bytes number
  
  total_virtual string
  
  total_virtual_in_bytes number
  
  total_in_bytes number
  
  Total amount of physical memory in bytes.
  
  free_in_bytes number
  
  Amount of free physical memory in bytes.
  
  used_in_bytes number
  
  Amount of used physical memory in bytes.
  
  cgroup object
  
  Hide cgroup attributes Show cgroup attributes object
  
  cpuacct object
  
  cpu object
  
  memory object
  
  timestamp number
  
  process object
  
  Hide process attributes Show process attributes object
  
  cpu object
  
  Hide cpu attributes Show cpu attributes object
  
  percent number
  
  sys string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  user string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  load_average object
  
  mem object
  
  Hide mem attributes Show mem attributes object
  
  adjusted_total_in_bytes number
  
  If the amount of physical memory has been overridden using the es.total_memory_bytes system property then this reports the overridden value in bytes. Otherwise it reports the same value as total_in_bytes.
  
  resident string
  
  resident_in_bytes number
  
  share string
  
  share_in_bytes number
  
  total_virtual string
  
  total_virtual_in_bytes number
  
  total_in_bytes number
  
  Total amount of physical memory in bytes.
  
  free_in_bytes number
  
  Amount of free physical memory in bytes.
  
  used_in_bytes number
  
  Amount of used physical memory in bytes.
  
  open_file_descriptors number
  
  Number of opened file descriptors associated with the current or -1 if not supported.
  
  max_file_descriptors number
  
  Maximum number of file descriptors allowed on the system, or -1 if not supported.
  
  timestamp number
  
  Last time the statistics were refreshed. Recorded in milliseconds since the Unix Epoch.
  
  roles array[string]
  
  @doc_id node-roles
  
  Values are master, data, data_cold, data_content, data_frozen, data_hot, data_warm, client, ingest, ml, voting_only, transform, remote_cluster_client, or coordinating_only.
  
  script object
  
  Hide script attributes Show script attributes object
  
  cache_evictions number
  
  Total number of times the script cache has evicted old data.
  
  compilations number
  
  Total number of inline script compilations performed by the node.
  
  compilations_history object
  
  Contains this recent history of script compilations.
  
  Hide compilations_history attribute Show compilations_history attribute object
  
  * number Additional properties
  
  compilation_limit_triggered number
  
  Total number of times the script compilation circuit breaker has limited inline script compilations.
  
  contexts array[object]
  
  script_cache object
  
  thread_pool object
  
  Statistics about each thread pool, including current size, queue and rejected tasks.
  
  Hide thread_pool attribute Show thread_pool attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  active number
  
  Number of active threads in the thread pool.
  
  completed number
  
  Number of tasks completed by the thread pool executor.
  
  largest number
  
  Highest number of active threads in the thread pool.
  
  queue number
  
  Number of tasks in queue for the thread pool.
  
  rejected number
  
  Number of tasks rejected by the thread pool executor.
  
  threads number
  
  Number of threads in the thread pool.
  
  timestamp number
  
  transport object
  
  Hide transport attributes Show transport attributes object
  
  inbound_handling_time_histogram array[object]
  
  The distribution of the time spent handling each inbound message on a transport thread, represented as a histogram.
  
  outbound_handling_time_histogram array[object]
  
  The distribution of the time spent sending each outbound transport message on a transport thread, represented as a histogram.
  
  rx_count number
  
  Total number of RX (receive) packets received by the node during internal cluster communication.
  
  rx_size string
  
  Size of RX packets received by the node during internal cluster communication.
  
  rx_size_in_bytes number
  
  Size, in bytes, of RX packets received by the node during internal cluster communication.
  
  server_open number
  
  Current number of inbound TCP connections used for internal communication between nodes.
  
  tx_count number
  
  Total number of TX (transmit) packets sent by the node during internal cluster communication.
  
  tx_size string
  
  Size of TX packets sent by the node during internal cluster communication.
  
  tx_size_in_bytes number
  
  Size, in bytes, of TX packets sent by the node during internal cluster communication.
  
  total_outbound_connections number
  
  The cumulative number of outbound transport connections that this node has opened since it started. Each transport connection may comprise multiple TCP connections but is only counted once in this statistic. Transport connections are typically long-lived so this statistic should remain constant in a stable cluster.
  
  transport_address string
  
  attributes object
  
  Contains a list of attributes for the node.
  
  Hide attributes attribute Show attributes attribute object
  
  * string Additional properties
  
  discovery object
  
  Hide discovery attributes Show discovery attributes object
  
  cluster_state_queue object
  
  Hide cluster_state_queue attributes Show cluster_state_queue attributes object
  
  total number
  
  Total number of cluster states in queue.
  
  pending number
  
  Number of pending cluster states in queue.
  
  committed number
  
  Number of committed cluster states in queue.
  
  published_cluster_states object
  
  Hide published_cluster_states attributes Show published_cluster_states attributes object
  
  full_states number
  
  Number of published cluster states.
  
  incompatible_diffs number
  
  Number of incompatible differences between published cluster states.
  
  compatible_diffs number
  
  Number of compatible differences between published cluster states.
  
  cluster_state_update object
  
  Contains low-level statistics about how long various activities took during cluster state updates while the node was the elected master. Omitted if the node is not master-eligible. Every field whose name ends in _time within this object is also represented as a raw number of milliseconds in a field whose name ends in _time_millis. The human-readable fields with a _time suffix are only returned if requested with the ?human=true query parameter.
  
  Hide cluster_state_update attribute Show cluster_state_update attribute object
  
  * object Additional properties
  
  serialized_cluster_states object
  
  Hide serialized_cluster_states attributes Show serialized_cluster_states attributes object
  
  full_states object
  
  diffs object
  
  cluster_applier_stats object
  
  Hide cluster_applier_stats attribute Show cluster_applier_stats attribute object
  
  recordings array[object]
  
  indexing_pressure object
  
  Hide indexing_pressure attribute Show indexing_pressure attribute object
  
  memory object
  
  Hide memory attributes Show memory attributes object
  
  limit
  
  limit_in_bytes number
  
  Configured memory limit, in bytes, for the indexing requests. Replica requests have an automatic limit that is 1.5x this value.
  
  current object
  
  total object
  
  indices object
  
  Hide indices attributes Show indices attributes object
  
  commit object
  
  Hide commit attributes Show commit attributes object
  
  generation number Required
  
  id string Required
  
  num_docs number Required
  
  user_data object Required
  
  completion object
  
  Hide completion attributes Show completion attributes object
  
  size_in_bytes number Required
  
  Total amount, in bytes, of memory used for completion across all shards assigned to selected nodes.
  
  size
  
  fields object
  
  docs object
  
  Hide docs attributes Show docs attributes object
  
  count number Required
  
  Total number of non-deleted documents across all primary shards assigned to selected nodes. This number is based on documents in Lucene segments and may include documents from nested fields.
  
  deleted number
  
  Total number of deleted documents across all primary shards assigned to selected nodes. This number is based on documents in Lucene segments. Elasticsearch reclaims the disk space of deleted Lucene documents when a segment is merged.
  
  fielddata object
  
  Hide fielddata attributes Show fielddata attributes object
  
  evictions number
  
  memory_size
  
  memory_size_in_bytes number Required
  
  fields object
  
  flush object
  
  Hide flush attributes Show flush attributes object
  
  periodic number Required
  
  total number Required
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  get object
  
  Hide get attributes Show get attributes object
  
  current number Required
  
  exists_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  exists_total number Required
  
  missing_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  missing_total number Required
  
  time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total number Required
  
  indexing object
  
  Hide indexing attributes Show indexing attributes object
  
  index_current number Required
  
  delete_current number Required
  
  delete_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  delete_total number Required
  
  is_throttled boolean Required
  
  noop_update_total number Required
  
  throttle_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  index_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  index_total number Required
  
  index_failed number Required
  
  types object
  
  write_load number
  
  mappings object
  
  Hide mappings attributes Show mappings attributes object
  
  total_count number Required
  
  total_estimated_overhead
  
  total_estimated_overhead_in_bytes number Required
  
  merges object
  
  Hide merges attributes Show merges attributes object
  
  current number Required
  
  current_docs number Required
  
  current_size string
  
  current_size_in_bytes number Required
  
  total number Required
  
  total_auto_throttle string
  
  total_auto_throttle_in_bytes number Required
  
  total_docs number Required
  
  total_size string
  
  total_size_in_bytes number Required
  
  total_stopped_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_throttled_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  shard_path object
  
  Hide shard_path attributes Show shard_path attributes object
  
  data_path string Required
  
  is_custom_data_path boolean Required
  
  state_path string Required
  
  query_cache object
  
  Hide query_cache attributes Show query_cache attributes object
  
  cache_count number Required
  
  cache_size number Required
  
  evictions number Required
  
  hit_count number Required
  
  memory_size_in_bytes number Required
  
  miss_count number Required
  
  total_count number Required
  
  recovery object
  
  Hide recovery attributes Show recovery attributes object
  
  current_as_source number Required
  
  current_as_target number Required
  
  throttle_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  refresh object
  
  Hide refresh attributes Show refresh attributes object
  
  external_total number Required
  
  listeners number Required
  
  total number Required
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  request_cache object
  
  Hide request_cache attributes Show request_cache attributes object
  
  evictions number Required
  
  hit_count number Required
  
  memory_size string
  
  memory_size_in_bytes number Required
  
  miss_count number Required
  
  retention_leases object
  
  Hide retention_leases attributes Show retention_leases attributes object
  
  primary_term number Required
  
  version number Required
  
  leases array[object] Required
  
  routing object
  
  Hide routing attributes Show routing attributes object
  
  node string Required
  
  primary boolean Required
  
  relocating_node
  
  state string Required
  
  Values are UNASSIGNED, INITIALIZING, STARTED, or RELOCATING.
  
  search object
  
  Hide search attributes Show search attributes object
  
  fetch_current number Required
  
  fetch_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  fetch_total number Required
  
  open_contexts number
  
  query_current number Required
  
  query_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  query_total number Required
  
  scroll_current number Required
  
  scroll_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  scroll_total number Required
  
  suggest_current number Required
  
  suggest_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  suggest_total number Required
  
  groups object
  
  segments object
  
  Hide segments attributes Show segments attributes object
  
  count number Required
  
  Total number of segments across all shards assigned to selected nodes.
  
  doc_values_memory
  
  doc_values_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for doc values across all shards assigned to selected nodes.
  
  file_sizes object Required
  
  This object is not populated by the cluster stats API. To get information on segment files, use the node stats API.
  
  fixed_bit_set
  
  fixed_bit_set_memory_in_bytes number Required
  
  Total amount of memory, in bytes, used by fixed bit sets across all shards assigned to selected nodes.
  
  index_writer_memory
  
  index_writer_max_memory_in_bytes number
  
  index_writer_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used by all index writers across all shards assigned to selected nodes.
  
  max_unsafe_auto_id_timestamp number Required
  
  Unix timestamp, in milliseconds, of the most recently retried indexing request.
  
  memory
  
  memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for segments across all shards assigned to selected nodes.
  
  norms_memory
  
  norms_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for normalization factors across all shards assigned to selected nodes.
  
  points_memory
  
  points_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for points across all shards assigned to selected nodes.
  
  stored_memory
  
  stored_fields_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for stored fields across all shards assigned to selected nodes.
  
  terms_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for terms across all shards assigned to selected nodes.
  
  terms_memory
  
  term_vectory_memory
  
  term_vectors_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for term vectors across all shards assigned to selected nodes.
  
  version_map_memory
  
  version_map_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used by all version maps across all shards assigned to selected nodes.
  
  seq_no object
  
  Hide seq_no attributes Show seq_no attributes object
  
  global_checkpoint number Required
  
  local_checkpoint number Required
  
  max_seq_no number Required
  
  store object
  
  Hide store attributes Show store attributes object
  
  size
  
  size_in_bytes number Required
  
  Total size, in bytes, of all shards assigned to selected nodes.
  
  reserved
  
  reserved_in_bytes number Required
  
  A prediction, in bytes, of how much larger the shard stores will eventually grow due to ongoing peer recoveries, restoring snapshots, and similar activities.
  
  total_data_set_size
  
  total_data_set_size_in_bytes number
  
  Total data set size, in bytes, of all shards assigned to selected nodes. This includes the size of shards not stored fully on the nodes, such as the cache for partially mounted indices.
  
  translog object
  
  Hide translog attributes Show translog attributes object
  
  earliest_last_modified_age number Required
  
  operations number Required
  
  size string
  
  size_in_bytes number Required
  
  uncommitted_operations number Required
  
  uncommitted_size string
  
  uncommitted_size_in_bytes number Required
  
  warmer object
  
  Hide warmer attributes Show warmer attributes object
  
  current number Required
  
  total number Required
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  bulk object
  
  Hide bulk attributes Show bulk attributes object
  
  total_operations number Required
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_size
  
  total_size_in_bytes number Required
  
  avg_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  avg_size
  
  avg_size_in_bytes number Required
  
  shards object
  
  Hide shards attribute Show shards attribute object
  
  * object Additional properties
  
  shard_stats object
  
  Hide shard_stats attribute Show shard_stats attribute object
  
  total_count number Required
  
  indices object Additional properties
  
  Hide indices attributes Show indices attributes object
  
  primaries object
  
  shards object
  
  total object
  
  uuid string
  
  health string
  
  Values are green, GREEN, yellow, YELLOW, red, or RED.
  
  status string
  
  Values are open or close.

GET /_nodes/stats/{metric}

curl \
 --request GET 'http://api.example.com/_nodes/stats/{metric}' \
 --header "Authorization: $API_KEY"

Get node statistics

GET /_nodes/{node_id}/stats/{metric}/{index_metric}

Api key auth Basic auth Bearer auth

Get statistics for nodes in a cluster. By default, all stats are returned. You can limit the returned information by using metrics.

Path parameters

node_id string | array[string] Required

Comma-separated list of node IDs or names used to limit returned information.
metric string | array[string] Required

Limit the information returned to the specified metrics
index_metric string | array[string] Required

Limit the information returned for indices metric to the specific index metrics. It can be used only if indices (or all) metric is specified.

Query parameters

completion_fields string | array[string]

Comma-separated list or wildcard expressions of fields to include in fielddata and suggest statistics.
fielddata_fields string | array[string]

Comma-separated list or wildcard expressions of fields to include in fielddata statistics.
fields string | array[string]

Comma-separated list or wildcard expressions of fields to include in the statistics.
groups boolean

Comma-separated list of search groups to include in the search statistics.
include_segment_file_sizes boolean

If true, the call reports the aggregated disk usage of each one of the Lucene index files (only applies if segment stats are requested).
level string

Indicates whether statistics are aggregated at the cluster, index, or shard level.

Values are cluster, indices, or shards.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
types array[string]

A comma-separated list of document types for the indexing index metric.
include_unloaded_segments boolean

If true, the response includes information from segments that are not loaded into memory.

Responses

200 application/json
Hide response attributes Show response attributes object
- _nodes object
  
  Hide _nodes attributes Show _nodes attributes object
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  total number Required
  
  Total number of nodes selected by the request.
  
  successful number Required
  
  Number of nodes that responded successfully to the request.
  
  failed number Required
  
  Number of nodes that rejected the request or failed to respond. If this value is not 0, a reason for the rejection or failure is included in the response.
- cluster_name string
- nodes object Required
  
  Hide nodes attribute Show nodes attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  adaptive_selection object
  
  Statistics about adaptive replica selection.
  
  Hide adaptive_selection attribute Show adaptive_selection attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  avg_queue_size number
  
  The exponentially weighted moving average queue size of search requests on the keyed node.
  
  avg_response_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  avg_response_time_ns number
  
  The exponentially weighted moving average response time, in nanoseconds, of search requests on the keyed node.
  
  avg_service_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  avg_service_time_ns number
  
  The exponentially weighted moving average service time, in nanoseconds, of search requests on the keyed node.
  
  outgoing_searches number
  
  The number of outstanding search requests to the keyed node from the node these stats are for.
  
  rank string
  
  The rank of this node; used for shard selection when routing search requests.
  
  breakers object
  
  Statistics about the field data circuit breaker.
  
  Hide breakers attribute Show breakers attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  estimated_size string
  
  Estimated memory used for the operation.
  
  estimated_size_in_bytes number
  
  Estimated memory used, in bytes, for the operation.
  
  limit_size string
  
  Memory limit for the circuit breaker.
  
  limit_size_in_bytes number
  
  Memory limit, in bytes, for the circuit breaker.
  
  overhead number
  
  A constant that all estimates for the circuit breaker are multiplied with to calculate a final estimate.
  
  tripped number
  
  Total number of times the circuit breaker has been triggered and prevented an out of memory error.
  
  fs object
  
  Hide fs attributes Show fs attributes object
  
  data array[object]
  
  List of all file stores.
  
  timestamp number
  
  Last time the file stores statistics were refreshed. Recorded in milliseconds since the Unix Epoch.
  
  total object
  
  Hide total attributes Show total attributes object
  
  available string
  
  Total disk space available to this Java virtual machine on all file stores. Depending on OS or process level restrictions, this might appear less than free. This is the actual amount of free disk space the Elasticsearch node can utilise.
  
  available_in_bytes number
  
  Total number of bytes available to this Java virtual machine on all file stores. Depending on OS or process level restrictions, this might appear less than free_in_bytes. This is the actual amount of free disk space the Elasticsearch node can utilise.
  
  free string
  
  Total unallocated disk space in all file stores.
  
  free_in_bytes number
  
  Total number of unallocated bytes in all file stores.
  
  total string
  
  Total size of all file stores.
  
  total_in_bytes number
  
  Total size of all file stores in bytes.
  
  io_stats object
  
  Hide io_stats attributes Show io_stats attributes object
  
  devices array[object]
  
  Array of disk metrics for each device that is backing an Elasticsearch data path. These disk metrics are probed periodically and averages between the last probe and the current probe are computed.
  
  total object
  
  host string
  
  http object
  
  Hide http attributes Show http attributes object
  
  current_open number
  
  Current number of open HTTP connections for the node.
  
  total_opened number
  
  Total number of HTTP connections opened for the node.
  
  clients array[object]
  
  Information on current and recently-closed HTTP client connections. Clients that have been closed longer than the http.client_stats.closed_channels.max_age setting will not be represented here.
  
  routes object Required Added in 8.12.0
  
  Detailed HTTP stats broken down by route
  
  Hide routes attribute Show routes attribute object
  
  * object Additional properties
  
  ingest object
  
  Hide ingest attributes Show ingest attributes object
  
  pipelines object
  
  Contains statistics about ingest pipelines for the node.
  
  Hide pipelines attribute Show pipelines attribute object
  
  * object Additional properties
  
  total object
  
  Hide total attributes Show total attributes object
  
  count number Required
  
  Total number of documents ingested during the lifetime of this node.
  
  current number Required
  
  Total number of documents currently being ingested.
  
  failed number Required
  
  Total number of failed ingest operations during the lifetime of this node.
  
  ip string | array[string]
  
  IP address and port for the node.
  
  One of:
  Ip string array-2 array[string]
  
  jvm object
  
  Hide jvm attributes Show jvm attributes object
  
  buffer_pools object
  
  Contains statistics about JVM buffer pools for the node.
  
  Hide buffer_pools attribute Show buffer_pools attribute object
  
  * object Additional properties
  
  classes object
  
  Hide classes attributes Show classes attributes object
  
  current_loaded_count number
  
  Number of classes currently loaded by JVM.
  
  total_loaded_count number
  
  Total number of classes loaded since the JVM started.
  
  total_unloaded_count number
  
  Total number of classes unloaded since the JVM started.
  
  gc object
  
  Hide gc attribute Show gc attribute object
  
  collectors object
  
  Contains statistics about JVM garbage collectors for the node.
  
  mem object
  
  Hide mem attributes Show mem attributes object
  
  heap_used_in_bytes number
  
  Memory, in bytes, currently in use by the heap.
  
  heap_used_percent number
  
  Percentage of memory currently in use by the heap.
  
  heap_committed_in_bytes number
  
  Amount of memory, in bytes, available for use by the heap.
  
  heap_max_in_bytes number
  
  Maximum amount of memory, in bytes, available for use by the heap.
  
  non_heap_used_in_bytes number
  
  Non-heap memory used, in bytes.
  
  non_heap_committed_in_bytes number
  
  Amount of non-heap memory available, in bytes.
  
  pools object
  
  Contains statistics about heap memory usage for the node.
  
  threads object
  
  Hide threads attributes Show threads attributes object
  
  count number
  
  Number of active threads in use by JVM.
  
  peak_count number
  
  Highest number of threads used by JVM.
  
  timestamp number
  
  Last time JVM statistics were refreshed.
  
  uptime string
  
  Human-readable JVM uptime. Only returned if the human query parameter is true.
  
  uptime_in_millis number
  
  JVM uptime in milliseconds.
  
  name string
  
  os object
  
  Hide os attributes Show os attributes object
  
  cpu object
  
  Hide cpu attributes Show cpu attributes object
  
  percent number
  
  sys string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  user string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  load_average object
  
  swap object
  
  Hide swap attributes Show swap attributes object
  
  adjusted_total_in_bytes number
  
  If the amount of physical memory has been overridden using the es.total_memory_bytes system property then this reports the overridden value in bytes. Otherwise it reports the same value as total_in_bytes.
  
  resident string
  
  resident_in_bytes number
  
  share string
  
  share_in_bytes number
  
  total_virtual string
  
  total_virtual_in_bytes number
  
  total_in_bytes number
  
  Total amount of physical memory in bytes.
  
  free_in_bytes number
  
  Amount of free physical memory in bytes.
  
  used_in_bytes number
  
  Amount of used physical memory in bytes.
  
  cgroup object
  
  Hide cgroup attributes Show cgroup attributes object
  
  cpuacct object
  
  cpu object
  
  memory object
  
  timestamp number
  
  process object
  
  Hide process attributes Show process attributes object
  
  cpu object
  
  Hide cpu attributes Show cpu attributes object
  
  percent number
  
  sys string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  user string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  load_average object
  
  mem object
  
  Hide mem attributes Show mem attributes object
  
  adjusted_total_in_bytes number
  
  If the amount of physical memory has been overridden using the es.total_memory_bytes system property then this reports the overridden value in bytes. Otherwise it reports the same value as total_in_bytes.
  
  resident string
  
  resident_in_bytes number
  
  share string
  
  share_in_bytes number
  
  total_virtual string
  
  total_virtual_in_bytes number
  
  total_in_bytes number
  
  Total amount of physical memory in bytes.
  
  free_in_bytes number
  
  Amount of free physical memory in bytes.
  
  used_in_bytes number
  
  Amount of used physical memory in bytes.
  
  open_file_descriptors number
  
  Number of opened file descriptors associated with the current or -1 if not supported.
  
  max_file_descriptors number
  
  Maximum number of file descriptors allowed on the system, or -1 if not supported.
  
  timestamp number
  
  Last time the statistics were refreshed. Recorded in milliseconds since the Unix Epoch.
  
  roles array[string]
  
  @doc_id node-roles
  
  Values are master, data, data_cold, data_content, data_frozen, data_hot, data_warm, client, ingest, ml, voting_only, transform, remote_cluster_client, or coordinating_only.
  
  script object
  
  Hide script attributes Show script attributes object
  
  cache_evictions number
  
  Total number of times the script cache has evicted old data.
  
  compilations number
  
  Total number of inline script compilations performed by the node.
  
  compilations_history object
  
  Contains this recent history of script compilations.
  
  Hide compilations_history attribute Show compilations_history attribute object
  
  * number Additional properties
  
  compilation_limit_triggered number
  
  Total number of times the script compilation circuit breaker has limited inline script compilations.
  
  contexts array[object]
  
  script_cache object
  
  thread_pool object
  
  Statistics about each thread pool, including current size, queue and rejected tasks.
  
  Hide thread_pool attribute Show thread_pool attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  active number
  
  Number of active threads in the thread pool.
  
  completed number
  
  Number of tasks completed by the thread pool executor.
  
  largest number
  
  Highest number of active threads in the thread pool.
  
  queue number
  
  Number of tasks in queue for the thread pool.
  
  rejected number
  
  Number of tasks rejected by the thread pool executor.
  
  threads number
  
  Number of threads in the thread pool.
  
  timestamp number
  
  transport object
  
  Hide transport attributes Show transport attributes object
  
  inbound_handling_time_histogram array[object]
  
  The distribution of the time spent handling each inbound message on a transport thread, represented as a histogram.
  
  outbound_handling_time_histogram array[object]
  
  The distribution of the time spent sending each outbound transport message on a transport thread, represented as a histogram.
  
  rx_count number
  
  Total number of RX (receive) packets received by the node during internal cluster communication.
  
  rx_size string
  
  Size of RX packets received by the node during internal cluster communication.
  
  rx_size_in_bytes number
  
  Size, in bytes, of RX packets received by the node during internal cluster communication.
  
  server_open number
  
  Current number of inbound TCP connections used for internal communication between nodes.
  
  tx_count number
  
  Total number of TX (transmit) packets sent by the node during internal cluster communication.
  
  tx_size string
  
  Size of TX packets sent by the node during internal cluster communication.
  
  tx_size_in_bytes number
  
  Size, in bytes, of TX packets sent by the node during internal cluster communication.
  
  total_outbound_connections number
  
  The cumulative number of outbound transport connections that this node has opened since it started. Each transport connection may comprise multiple TCP connections but is only counted once in this statistic. Transport connections are typically long-lived so this statistic should remain constant in a stable cluster.
  
  transport_address string
  
  attributes object
  
  Contains a list of attributes for the node.
  
  Hide attributes attribute Show attributes attribute object
  
  * string Additional properties
  
  discovery object
  
  Hide discovery attributes Show discovery attributes object
  
  cluster_state_queue object
  
  Hide cluster_state_queue attributes Show cluster_state_queue attributes object
  
  total number
  
  Total number of cluster states in queue.
  
  pending number
  
  Number of pending cluster states in queue.
  
  committed number
  
  Number of committed cluster states in queue.
  
  published_cluster_states object
  
  Hide published_cluster_states attributes Show published_cluster_states attributes object
  
  full_states number
  
  Number of published cluster states.
  
  incompatible_diffs number
  
  Number of incompatible differences between published cluster states.
  
  compatible_diffs number
  
  Number of compatible differences between published cluster states.
  
  cluster_state_update object
  
  Contains low-level statistics about how long various activities took during cluster state updates while the node was the elected master. Omitted if the node is not master-eligible. Every field whose name ends in _time within this object is also represented as a raw number of milliseconds in a field whose name ends in _time_millis. The human-readable fields with a _time suffix are only returned if requested with the ?human=true query parameter.
  
  Hide cluster_state_update attribute Show cluster_state_update attribute object
  
  * object Additional properties
  
  serialized_cluster_states object
  
  Hide serialized_cluster_states attributes Show serialized_cluster_states attributes object
  
  full_states object
  
  diffs object
  
  cluster_applier_stats object
  
  Hide cluster_applier_stats attribute Show cluster_applier_stats attribute object
  
  recordings array[object]
  
  indexing_pressure object
  
  Hide indexing_pressure attribute Show indexing_pressure attribute object
  
  memory object
  
  Hide memory attributes Show memory attributes object
  
  limit
  
  limit_in_bytes number
  
  Configured memory limit, in bytes, for the indexing requests. Replica requests have an automatic limit that is 1.5x this value.
  
  current object
  
  total object
  
  indices object
  
  Hide indices attributes Show indices attributes object
  
  commit object
  
  Hide commit attributes Show commit attributes object
  
  generation number Required
  
  id string Required
  
  num_docs number Required
  
  user_data object Required
  
  completion object
  
  Hide completion attributes Show completion attributes object
  
  size_in_bytes number Required
  
  Total amount, in bytes, of memory used for completion across all shards assigned to selected nodes.
  
  size
  
  fields object
  
  docs object
  
  Hide docs attributes Show docs attributes object
  
  count number Required
  
  Total number of non-deleted documents across all primary shards assigned to selected nodes. This number is based on documents in Lucene segments and may include documents from nested fields.
  
  deleted number
  
  Total number of deleted documents across all primary shards assigned to selected nodes. This number is based on documents in Lucene segments. Elasticsearch reclaims the disk space of deleted Lucene documents when a segment is merged.
  
  fielddata object
  
  Hide fielddata attributes Show fielddata attributes object
  
  evictions number
  
  memory_size
  
  memory_size_in_bytes number Required
  
  fields object
  
  flush object
  
  Hide flush attributes Show flush attributes object
  
  periodic number Required
  
  total number Required
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  get object
  
  Hide get attributes Show get attributes object
  
  current number Required
  
  exists_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  exists_total number Required
  
  missing_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  missing_total number Required
  
  time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total number Required
  
  indexing object
  
  Hide indexing attributes Show indexing attributes object
  
  index_current number Required
  
  delete_current number Required
  
  delete_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  delete_total number Required
  
  is_throttled boolean Required
  
  noop_update_total number Required
  
  throttle_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  index_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  index_total number Required
  
  index_failed number Required
  
  types object
  
  write_load number
  
  mappings object
  
  Hide mappings attributes Show mappings attributes object
  
  total_count number Required
  
  total_estimated_overhead
  
  total_estimated_overhead_in_bytes number Required
  
  merges object
  
  Hide merges attributes Show merges attributes object
  
  current number Required
  
  current_docs number Required
  
  current_size string
  
  current_size_in_bytes number Required
  
  total number Required
  
  total_auto_throttle string
  
  total_auto_throttle_in_bytes number Required
  
  total_docs number Required
  
  total_size string
  
  total_size_in_bytes number Required
  
  total_stopped_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_throttled_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  shard_path object
  
  Hide shard_path attributes Show shard_path attributes object
  
  data_path string Required
  
  is_custom_data_path boolean Required
  
  state_path string Required
  
  query_cache object
  
  Hide query_cache attributes Show query_cache attributes object
  
  cache_count number Required
  
  cache_size number Required
  
  evictions number Required
  
  hit_count number Required
  
  memory_size_in_bytes number Required
  
  miss_count number Required
  
  total_count number Required
  
  recovery object
  
  Hide recovery attributes Show recovery attributes object
  
  current_as_source number Required
  
  current_as_target number Required
  
  throttle_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  refresh object
  
  Hide refresh attributes Show refresh attributes object
  
  external_total number Required
  
  listeners number Required
  
  total number Required
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  request_cache object
  
  Hide request_cache attributes Show request_cache attributes object
  
  evictions number Required
  
  hit_count number Required
  
  memory_size string
  
  memory_size_in_bytes number Required
  
  miss_count number Required
  
  retention_leases object
  
  Hide retention_leases attributes Show retention_leases attributes object
  
  primary_term number Required
  
  version number Required
  
  leases array[object] Required
  
  routing object
  
  Hide routing attributes Show routing attributes object
  
  node string Required
  
  primary boolean Required
  
  relocating_node
  
  state string Required
  
  Values are UNASSIGNED, INITIALIZING, STARTED, or RELOCATING.
  
  search object
  
  Hide search attributes Show search attributes object
  
  fetch_current number Required
  
  fetch_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  fetch_total number Required
  
  open_contexts number
  
  query_current number Required
  
  query_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  query_total number Required
  
  scroll_current number Required
  
  scroll_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  scroll_total number Required
  
  suggest_current number Required
  
  suggest_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  suggest_total number Required
  
  groups object
  
  segments object
  
  Hide segments attributes Show segments attributes object
  
  count number Required
  
  Total number of segments across all shards assigned to selected nodes.
  
  doc_values_memory
  
  doc_values_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for doc values across all shards assigned to selected nodes.
  
  file_sizes object Required
  
  This object is not populated by the cluster stats API. To get information on segment files, use the node stats API.
  
  fixed_bit_set
  
  fixed_bit_set_memory_in_bytes number Required
  
  Total amount of memory, in bytes, used by fixed bit sets across all shards assigned to selected nodes.
  
  index_writer_memory
  
  index_writer_max_memory_in_bytes number
  
  index_writer_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used by all index writers across all shards assigned to selected nodes.
  
  max_unsafe_auto_id_timestamp number Required
  
  Unix timestamp, in milliseconds, of the most recently retried indexing request.
  
  memory
  
  memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for segments across all shards assigned to selected nodes.
  
  norms_memory
  
  norms_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for normalization factors across all shards assigned to selected nodes.
  
  points_memory
  
  points_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for points across all shards assigned to selected nodes.
  
  stored_memory
  
  stored_fields_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for stored fields across all shards assigned to selected nodes.
  
  terms_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for terms across all shards assigned to selected nodes.
  
  terms_memory
  
  term_vectory_memory
  
  term_vectors_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used for term vectors across all shards assigned to selected nodes.
  
  version_map_memory
  
  version_map_memory_in_bytes number Required
  
  Total amount, in bytes, of memory used by all version maps across all shards assigned to selected nodes.
  
  seq_no object
  
  Hide seq_no attributes Show seq_no attributes object
  
  global_checkpoint number Required
  
  local_checkpoint number Required
  
  max_seq_no number Required
  
  store object
  
  Hide store attributes Show store attributes object
  
  size
  
  size_in_bytes number Required
  
  Total size, in bytes, of all shards assigned to selected nodes.
  
  reserved
  
  reserved_in_bytes number Required
  
  A prediction, in bytes, of how much larger the shard stores will eventually grow due to ongoing peer recoveries, restoring snapshots, and similar activities.
  
  total_data_set_size
  
  total_data_set_size_in_bytes number
  
  Total data set size, in bytes, of all shards assigned to selected nodes. This includes the size of shards not stored fully on the nodes, such as the cache for partially mounted indices.
  
  translog object
  
  Hide translog attributes Show translog attributes object
  
  earliest_last_modified_age number Required
  
  operations number Required
  
  size string
  
  size_in_bytes number Required
  
  uncommitted_operations number Required
  
  uncommitted_size string
  
  uncommitted_size_in_bytes number Required
  
  warmer object
  
  Hide warmer attributes Show warmer attributes object
  
  current number Required
  
  total number Required
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  bulk object
  
  Hide bulk attributes Show bulk attributes object
  
  total_operations number Required
  
  total_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  total_size
  
  total_size_in_bytes number Required
  
  avg_time string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  avg_size
  
  avg_size_in_bytes number Required
  
  shards object
  
  Hide shards attribute Show shards attribute object
  
  * object Additional properties
  
  shard_stats object
  
  Hide shard_stats attribute Show shard_stats attribute object
  
  total_count number Required
  
  indices object Additional properties
  
  Hide indices attributes Show indices attributes object
  
  primaries object
  
  shards object
  
  total object
  
  uuid string
  
  health string
  
  Values are green, GREEN, yellow, YELLOW, red, or RED.
  
  status string
  
  Values are open or close.

GET /_nodes/{node_id}/stats/{metric}/{index_metric}

curl \
 --request GET 'http://api.example.com/_nodes/{node_id}/stats/{metric}/{index_metric}' \
 --header "Authorization: $API_KEY"

Get the cluster health Added in 8.7.0

GET /_health_report/{feature}

Api key auth Basic auth Bearer auth

Get a report with the health status of an Elasticsearch cluster. The report contains a list of indicators that compose Elasticsearch functionality.

Each indicator has a health status of: green, unknown, yellow or red. The indicator will provide an explanation and metadata describing the reason for its current health status.

The cluster’s status is controlled by the worst indicator status.

In the event that an indicator’s status is non-green, a list of impacts may be present in the indicator result which detail the functionalities that are negatively affected by the health issue. Each impact carries with it a severity level, an area of the system that is affected, and a simple description of the impact on the system.

Some health indicators can determine the root cause of a health problem and prescribe a set of steps that can be performed in order to improve the health of the system. The root cause and remediation steps are encapsulated in a diagnosis. A diagnosis contains a cause detailing a root cause analysis, an action containing a brief description of the steps to take to fix the problem, the list of affected resources (if applicable), and a detailed step-by-step troubleshooting guide to fix the diagnosed problem.

NOTE: The health indicators perform root cause analysis of non-green health statuses. This can be computationally expensive when called frequently. When setting up automated polling of the API for health status, set verbose to false to disable the more expensive analysis logic.

Path parameters

feature string | array[string] Required

A feature of the cluster, as returned by the top-level health report API.

Query parameters

timeout string

Explicit operation timeout.
verbose boolean

Opt-in for more information about the health of the system.
size number

Limit the number of affected resources the health report API returns.

Responses

200 application/json
Hide response attributes Show response attributes object
- cluster_name string Required
- indicators object Required
  
  Hide indicators attributes Show indicators attributes object
  
  master_is_stable object
  
  Hide master_is_stable attributes Show master_is_stable attributes object
  
  status string Required
  
  Values are green, yellow, red, or unknown.
  
  symptom string Required
  
  impacts array[object]
  
  Hide impacts attributes Show impacts attributes object
  
  description string Required
  
  id string Required
  
  impact_areas array[string] Required
  
  Values are search, ingest, backup, or deployment_management.
  
  severity number Required
  
  diagnosis array[object]
  
  Hide diagnosis attributes Show diagnosis attributes object
  
  id string Required
  
  action string Required
  
  affected_resources object Required
  
  cause string Required
  
  help_url string Required
  
  details object
  
  Hide details attributes Show details attributes object
  
  current_master object Required
  
  Hide current_master attributes Show current_master attributes object
  
  name
  
  node_id
  
  recent_masters array[object] Required
  
  exception_fetching_history object
  
  Hide exception_fetching_history attributes Show exception_fetching_history attributes object
  
  message string Required
  
  stack_trace string Required
  
  cluster_formation array[object]
  
  shards_availability object
  
  Hide shards_availability attributes Show shards_availability attributes object
  
  status string Required
  
  Values are green, yellow, red, or unknown.
  
  symptom string Required
  
  impacts array[object]
  
  Hide impacts attributes Show impacts attributes object
  
  description string Required
  
  id string Required
  
  impact_areas array[string] Required
  
  Values are search, ingest, backup, or deployment_management.
  
  severity number Required
  
  diagnosis array[object]
  
  Hide diagnosis attributes Show diagnosis attributes object
  
  id string Required
  
  action string Required
  
  affected_resources object Required
  
  cause string Required
  
  help_url string Required
  
  details object
  
  Hide details attributes Show details attributes object
  
  creating_primaries number Required
  
  creating_replicas number Required
  
  initializing_primaries number Required
  
  initializing_replicas number Required
  
  restarting_primaries number Required
  
  restarting_replicas number Required
  
  started_primaries number Required
  
  started_replicas number Required
  
  unassigned_primaries number Required
  
  unassigned_replicas number Required
  
  disk object
  
  Hide disk attributes Show disk attributes object
  
  status string Required
  
  Values are green, yellow, red, or unknown.
  
  symptom string Required
  
  impacts array[object]
  
  Hide impacts attributes Show impacts attributes object
  
  description string Required
  
  id string Required
  
  impact_areas array[string] Required
  
  Values are search, ingest, backup, or deployment_management.
  
  severity number Required
  
  diagnosis array[object]
  
  Hide diagnosis attributes Show diagnosis attributes object
  
  id string Required
  
  action string Required
  
  affected_resources object Required
  
  cause string Required
  
  help_url string Required
  
  details object
  
  Hide details attributes Show details attributes object
  
  indices_with_readonly_block number Required
  
  nodes_with_enough_disk_space number Required
  
  nodes_over_high_watermark number Required
  
  nodes_over_flood_stage_watermark number Required
  
  nodes_with_unknown_disk_status number Required
  
  repository_integrity object
  
  Hide repository_integrity attributes Show repository_integrity attributes object
  
  status string Required
  
  Values are green, yellow, red, or unknown.
  
  symptom string Required
  
  impacts array[object]
  
  Hide impacts attributes Show impacts attributes object
  
  description string Required
  
  id string Required
  
  impact_areas array[string] Required
  
  Values are search, ingest, backup, or deployment_management.
  
  severity number Required
  
  diagnosis array[object]
  
  Hide diagnosis attributes Show diagnosis attributes object
  
  id string Required
  
  action string Required
  
  affected_resources object Required
  
  cause string Required
  
  help_url string Required
  
  details object
  
  Hide details attributes Show details attributes object
  
  total_repositories number
  
  corrupted_repositories number
  
  corrupted array[string]
  
  data_stream_lifecycle object
  
  Hide data_stream_lifecycle attributes Show data_stream_lifecycle attributes object
  
  status string Required
  
  Values are green, yellow, red, or unknown.
  
  symptom string Required
  
  impacts array[object]
  
  Hide impacts attributes Show impacts attributes object
  
  description string Required
  
  id string Required
  
  impact_areas array[string] Required
  
  Values are search, ingest, backup, or deployment_management.
  
  severity number Required
  
  diagnosis array[object]
  
  Hide diagnosis attributes Show diagnosis attributes object
  
  id string Required
  
  action string Required
  
  affected_resources object Required
  
  cause string Required
  
  help_url string Required
  
  details object
  
  Hide details attributes Show details attributes object
  
  stagnating_backing_indices_count number Required
  
  total_backing_indices_in_error number Required
  
  stagnating_backing_indices array[object]
  
  ilm object
  
  Hide ilm attributes Show ilm attributes object
  
  status string Required
  
  Values are green, yellow, red, or unknown.
  
  symptom string Required
  
  impacts array[object]
  
  Hide impacts attributes Show impacts attributes object
  
  description string Required
  
  id string Required
  
  impact_areas array[string] Required
  
  Values are search, ingest, backup, or deployment_management.
  
  severity number Required
  
  diagnosis array[object]
  
  Hide diagnosis attributes Show diagnosis attributes object
  
  id string Required
  
  action string Required
  
  affected_resources object Required
  
  cause string Required
  
  help_url string Required
  
  details object
  
  Hide details attributes Show details attributes object
  
  ilm_status string Required
  
  Values are RUNNING, STOPPING, or STOPPED.
  
  policies number Required
  
  stagnating_indices number Required
  
  slm object
  
  Hide slm attributes Show slm attributes object
  
  status string Required
  
  Values are green, yellow, red, or unknown.
  
  symptom string Required
  
  impacts array[object]
  
  Hide impacts attributes Show impacts attributes object
  
  description string Required
  
  id string Required
  
  impact_areas array[string] Required
  
  Values are search, ingest, backup, or deployment_management.
  
  severity number Required
  
  diagnosis array[object]
  
  Hide diagnosis attributes Show diagnosis attributes object
  
  id string Required
  
  action string Required
  
  affected_resources object Required
  
  cause string Required
  
  help_url string Required
  
  details object
  
  Hide details attributes Show details attributes object
  
  slm_status string Required
  
  Values are RUNNING, STOPPING, or STOPPED.
  
  policies number Required
  
  unhealthy_policies object
  
  Hide unhealthy_policies attributes Show unhealthy_policies attributes object
  
  count number Required
  
  invocations_since_last_success object
  
  shards_capacity object
  
  Hide shards_capacity attributes Show shards_capacity attributes object
  
  status string Required
  
  Values are green, yellow, red, or unknown.
  
  symptom string Required
  
  impacts array[object]
  
  Hide impacts attributes Show impacts attributes object
  
  description string Required
  
  id string Required
  
  impact_areas array[string] Required
  
  Values are search, ingest, backup, or deployment_management.
  
  severity number Required
  
  diagnosis array[object]
  
  Hide diagnosis attributes Show diagnosis attributes object
  
  id string Required
  
  action string Required
  
  affected_resources object Required
  
  cause string Required
  
  help_url string Required
  
  details object
  
  Hide details attributes Show details attributes object
  
  data object Required
  
  Hide data attributes Show data attributes object
  
  max_shards_in_cluster number Required
  
  current_used_shards number
  
  frozen object Required
  
  Hide frozen attributes Show frozen attributes object
  
  max_shards_in_cluster number Required
  
  current_used_shards number
- status string
  
  Values are green, yellow, red, or unknown.

GET /_health_report/{feature}

curl \
 --request GET 'http://api.example.com/_health_report/{feature}' \
 --header "Authorization: $API_KEY"

Check in a connector Technical preview

PUT /_connector/{connector_id}/_check_in

Api key auth Basic auth Bearer auth

Update the last_seen field in the connector and set it to the current timestamp.

Path parameters

connector_id string Required

The unique identifier of the connector to be checked in

Responses

200 application/json
Hide response attribute Show response attribute object
- result string Required
  
  Values are created, updated, deleted, not_found, or noop.

PUT /_connector/{connector_id}/_check_in

curl \
 --request PUT 'http://api.example.com/_connector/{connector_id}/_check_in' \
 --header "Authorization: $API_KEY"

Response examples (200)

{
    "result": "updated"
}

Get a connector sync job Beta

GET /_connector/_sync_job/{connector_sync_job_id}

Api key auth Basic auth Bearer auth

Path parameters

connector_sync_job_id string Required

The unique identifier of the connector sync job

Responses

200 application/json
Hide response attributes Show response attributes object
- cancelation_requested_at string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
- canceled_at string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
- completed_at string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
- connector object Required
  
  Hide connector attributes Show connector attributes object
  
  configuration object Required
  
  Hide configuration attribute Show configuration attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  category string
  
  default_value number | string | boolean | null Required
  
  A scalar value.
  
  One of:
  ScalarValue number ScalarValue number ScalarValue string ScalarValue boolean ScalarValue string | null
  
  depends_on array[object] Required
  
  Hide depends_on attributes Show depends_on attributes object
  
  field string Required
  
  value
  
  display string Required
  
  Values are textbox, textarea, numeric, toggle, or dropdown.
  
  label string Required
  
  options array[object] Required
  
  Hide options attributes Show options attributes object
  
  label string Required
  
  value
  
  order number
  
  placeholder string
  
  required boolean Required
  
  sensitive boolean Required
  
  tooltip string | null
  
  One of:
  string-1 string string-2 string | null
  
  type string
  
  Values are str, int, list, or bool.
  
  ui_restrictions array[string]
  
  validations array[object]
  
  One of:
  LessThanValidation object GreaterThanValidation object ListTypeValidation object IncludedInValidation object RegexValidation object
  
  value object Required
  
  filtering object Required
  
  Hide filtering attributes Show filtering attributes object
  
  advanced_snippet object Required
  
  Hide advanced_snippet attributes Show advanced_snippet attributes object
  
  created_at string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  updated_at string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  value object Required
  
  rules array[object] Required
  
  Hide rules attributes Show rules attributes object
  
  created_at string
  
  field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  id string Required
  
  order number Required
  
  policy string Required
  
  Values are exclude or include.
  
  rule string Required
  
  Values are contains, ends_with, equals, regex, starts_with, >, or <.
  
  updated_at string
  
  value string Required
  
  validation object Required
  
  Hide validation attributes Show validation attributes object
  
  errors array[object] Required
  
  Hide errors attributes Show errors attributes object
  
  ids array[string] Required
  
  messages array[string] Required
  
  state string Required
  
  Values are edited, invalid, or valid.
  
  id string Required
  
  index_name string Required
  
  language string
  
  pipeline object
  
  Hide pipeline attributes Show pipeline attributes object
  
  extract_binary_content boolean Required
  
  name string Required
  
  reduce_whitespace boolean Required
  
  run_ml_inference boolean Required
  
  service_type string Required
  
  sync_cursor object
- created_at string | number Required
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
- deleted_document_count number Required
- error string
- id string Required
- indexed_document_count number Required
- indexed_document_volume number Required
- job_type string Required
  
  Values are full, incremental, or access_control.
- last_seen string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
- metadata object Required
  
  Hide metadata attribute Show metadata attribute object
  
  * object Additional properties
- started_at string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
- status string Required
  
  Values are canceling, canceled, completed, error, in_progress, pending, or suspended.
- total_document_count number Required
- trigger_method string Required
  
  Values are on_demand or scheduled.
- worker_hostname string

GET /_connector/_sync_job/{connector_sync_job_id}

curl \
 --request GET 'http://api.example.com/_connector/_sync_job/{connector_sync_job_id}' \
 --header "Authorization: $API_KEY"

Update the connector index name Beta

PUT /_connector/{connector_id}/_index_name

Api key auth Basic auth Bearer auth

Update the index_name field of a connector, specifying the index where the data ingested by the connector is stored.

Path parameters

connector_id string Required

The unique identifier of the connector to be updated

application/json

Body Required

index_name string | null

One of:
IndexName string NullValue string | null

Responses

200 application/json
Hide response attribute Show response attribute object
- result string Required
  
  Values are created, updated, deleted, not_found, or noop.

PUT /_connector/{connector_id}/_index_name

curl \
 --request PUT 'http://api.example.com/_connector/{connector_id}/_index_name' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n    \"index_name\": \"data-from-my-google-drive\"\n}"'

Request example

{
    "index_name": "data-from-my-google-drive"
}

Response examples (200)

{
  "result": "updated"
}

Get follower information Added in 6.7.0

GET /{index}/_ccr/info

Api key auth Basic auth Bearer auth

Get information about all cross-cluster replication follower indices. For example, the results include follower index names, leader index names, replication options, and whether the follower indices are active or paused.

External documentation

Path parameters

index string | array[string] Required

A comma-delimited list of follower index patterns.

Query parameters

master_timeout string

The period to wait for a connection to the master node. If the master node is not available before the timeout expires, the request fails and returns an error. It can also be set to -1 to indicate that the request should never timeout.

Responses

200 application/json
Hide response attribute Show response attribute object
- follower_indices array[object] Required
  
  Hide follower_indices attributes Show follower_indices attributes object
  
  follower_index string Required
  
  leader_index string Required
  
  parameters object
  
  Hide parameters attributes Show parameters attributes object
  
  max_outstanding_read_requests number
  
  The maximum number of outstanding reads requests from the remote cluster.
  
  max_outstanding_write_requests number
  
  The maximum number of outstanding write requests on the follower.
  
  max_read_request_operation_count number
  
  The maximum number of operations to pull per read from the remote cluster.
  
  max_read_request_size number | string
  
  One of:
  ByteSize number ByteSize string
  
  max_retry_delay string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  max_write_buffer_count number
  
  The maximum number of operations that can be queued for writing. When this limit is reached, reads from the remote cluster will be deferred until the number of queued operations goes below the limit.
  
  max_write_buffer_size number | string
  
  One of:
  ByteSize number ByteSize string
  
  max_write_request_operation_count number
  
  The maximum number of operations per bulk write request executed on the follower.
  
  max_write_request_size number | string
  
  One of:
  ByteSize number ByteSize string
  
  read_poll_timeout string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  remote_cluster string Required
  
  status string Required
  
  Values are active or paused.

GET /{index}/_ccr/info

curl \
 --request GET 'http://api.example.com/{index}/_ccr/info' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET /follower_index/_ccr/info` when the follower index is active.

{
  "follower_indices": [
    {
      "follower_index": "follower_index",
      "remote_cluster": "remote_cluster",
      "leader_index": "leader_index",
      "status": "active",
      "parameters": {
        "max_read_request_operation_count": 5120,
        "max_read_request_size": "32mb",
        "max_outstanding_read_requests": 12,
        "max_write_request_operation_count": 5120,
        "max_write_request_size": "9223372036854775807b",
        "max_outstanding_write_requests": 9,
        "max_write_buffer_count": 2147483647,
        "max_write_buffer_size": "512mb",
        "max_retry_delay": "500ms",
        "read_poll_timeout": "1m"
      }
    }
  ]
}

A successful response from `GET /follower_index/_ccr/info` when the follower index is paused.

{
  "follower_indices": [
    {
      "follower_index": "follower_index",
      "remote_cluster": "remote_cluster",
      "leader_index": "leader_index",
      "status": "paused"
    }
  ]
}

Get data stream stats Added in 7.9.0

GET /_data_stream/{name}/_stats

Api key auth Basic auth Bearer auth

Get statistics for one or more data streams.

Path parameters

name string Required

Comma-separated list of data streams used to limit the request. Wildcard expressions (*) are supported. To target all data streams in a cluster, omit this parameter or use *.

Query parameters

expand_wildcards string | array[string]
Type of data stream that wildcard patterns can match. Supports comma-separated values, such as open,hidden.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.

Responses

200 application/json
Hide response attributes Show response attributes object
- _shards object Required
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  successful number Required
  
  total number Required
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  Hide reason attributes Show reason attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  shard number Required
  
  status string
  
  skipped number
- backing_indices number Required
  
  Total number of backing indices for the selected data streams.
- data_stream_count number Required
  
  Total number of selected data streams.
- data_streams array[object] Required
  
  Contains statistics for the selected data streams.
  
  Hide data_streams attributes Show data_streams attributes object
  
  backing_indices number Required
  
  Current number of backing indices for the data stream.
  
  data_stream string Required
  
  maximum_timestamp number
  
  Time unit for milliseconds
  
  store_size number | string
  
  One of:
  ByteSize number ByteSize string
  
  store_size_bytes number Required
  
  Total size, in bytes, of all shards for the data stream’s backing indices.
- total_store_sizes number | string
  
  One of:
  ByteSize number ByteSize string
- total_store_size_bytes number Required
  
  Total size, in bytes, of all shards for the selected data streams.

GET /_data_stream/{name}/_stats

curl \
 --request GET 'http://api.example.com/_data_stream/{name}/_stats' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response for retrieving statistics for a data stream.

{
  "_shards": {
    "total": 10,
    "successful": 5,
    "failed": 0
  },
  "data_stream_count": 2,
  "backing_indices": 5,
  "total_store_size": "7kb",
  "total_store_size_bytes": 7268,
  "data_streams": [
    {
      "data_stream": "my-data-stream",
      "backing_indices": 3,
      "store_size": "3.7kb",
      "store_size_bytes": 3772,
      "maximum_timestamp": 1607512028000
    },
    {
      "data_stream": "my-data-stream-two",
      "backing_indices": 2,
      "store_size": "3.4kb",
      "store_size_bytes": 3496,
      "maximum_timestamp": 1607425567000
    }
  ]
}

Downsample an index Technical preview

POST /{index}/_downsample/{target_index}

Api key auth Basic auth Bearer auth

Aggregate a time series (TSDS) index and store pre-computed statistical summaries (min, max, sum, value_count and avg) for each metric field grouped by a configured time interval. For example, a TSDS index that contains metrics sampled every 10 seconds can be downsampled to an hourly index. All documents within an hour interval are summarized and stored as a single document in the downsample index.

NOTE: Only indices in a time series data stream are supported. Neither field nor document level security can be defined on the source index. The source index must be read only (index.blocks.write: true).

Path parameters

index string Required

Name of the time series index to downsample.
target_index string Required

Name of the index to create.

application/json

Body Required

fixed_interval string Required

A date histogram interval. Similar to Duration with additional units: w (week), M (month), q (quarter) and y (year)

Responses

200 application/json

POST /{index}/_downsample/{target_index}

curl \
 --request POST 'http://api.example.com/{index}/_downsample/{target_index}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"fixed_interval\": \"1d\"\n}"'

Request example

{
  "fixed_interval": "1d"
}

Get data stream lifecycle stats Added in 8.12.0

GET /_lifecycle/stats

Api key auth Basic auth Bearer auth

Get statistics about the data streams that are managed by a data stream lifecycle.

Responses

200 application/json
Hide response attributes Show response attributes object
- data_stream_count number Required
  
  The count of data streams currently being managed by the data stream lifecycle.
- data_streams array[object] Required
  
  Information about the data streams that are managed by the data stream lifecycle.
  
  Hide data_streams attributes Show data_streams attributes object
  
  backing_indices_in_error number Required
  
  The count of the backing indices for the data stream.
  
  backing_indices_in_total number Required
  
  The count of the backing indices for the data stream that have encountered an error.
  
  name string Required
- last_run_duration_in_millis number
  
  Time unit for milliseconds
- time_between_starts_in_millis number
  
  Time unit for milliseconds

GET /_lifecycle/stats

curl \
 --request GET 'http://api.example.com/_lifecycle/stats' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response for `GET _lifecycle/stats?human&pretty`

{
  "last_run_duration_in_millis": 2,
  "last_run_duration": "2ms",
  "time_between_starts_in_millis": 9998,
  "time_between_starts": "9.99s",
  "data_streams_count": 2,
  "data_streams": [
    {
      "name": "my-data-stream",
      "backing_indices_in_total": 2,
      "backing_indices_in_error": 0
    },
    {
      "name": "my-other-stream",
      "backing_indices_in_total": 2,
      "backing_indices_in_error": 1
    }
  ]
}

Create or update a document in an index

POST /{index}/_doc/{id}

Api key auth Basic auth Bearer auth

Add a JSON document to the specified data stream or index and make it searchable. If the target is an index and the document already exists, the request updates the document and increments its version.

NOTE: You cannot use this API to send update requests for existing documents in a data stream.

If the Elasticsearch security features are enabled, you must have the following index privileges for the target data stream, index, or index alias:

To add or overwrite a document using the PUT /<target>/_doc/<_id> request format, you must have the create, index, or write index privilege.
To add a document using the POST /<target>/_doc/ request format, you must have the create_doc, create, index, or write index privilege.
To automatically create a data stream or index with this API request, you must have the auto_configure, create_index, or manage index privilege.

Automatic data stream creation requires a matching index template with data stream enabled.

NOTE: Replica shards might not all be started when an indexing operation returns successfully. By default, only the primary is required. Set wait_for_active_shards to change this default behavior.

Automatically create data streams and indices

If the request's target doesn't exist and matches an index template with a data_stream definition, the index operation automatically creates the data stream.

If the target doesn't exist and doesn't match a data stream template, the operation automatically creates the index and applies any matching index templates.

NOTE: Elasticsearch includes several built-in index templates. To avoid naming collisions with these templates, refer to index pattern documentation.

If no mapping exists, the index operation creates a dynamic mapping. By default, new fields and objects are automatically added to the mapping if needed.

Automatic index creation is controlled by the action.auto_create_index setting. If it is true, any index can be created automatically. You can modify this setting to explicitly allow or block automatic creation of indices that match specified patterns or set it to false to turn off automatic index creation entirely. Specify a comma-separated list of patterns you want to allow or prefix each pattern with + or - to indicate whether it should be allowed or blocked. When a list is specified, the default behaviour is to disallow.

NOTE: The action.auto_create_index setting affects the automatic creation of indices only. It does not affect the creation of data streams.

Optimistic concurrency control

Index operations can be made conditional and only be performed if the last modification to the document was assigned the sequence number and primary term specified by the if_seq_no and if_primary_term parameters. If a mismatch is detected, the operation will result in a VersionConflictException and a status code of 409.

Routing

By default, shard placement — or routing — is controlled by using a hash of the document's ID value. For more explicit control, the value fed into the hash function used by the router can be directly specified on a per-operation basis using the routing parameter.

When setting up explicit mapping, you can also use the _routing field to direct the index operation to extract the routing value from the document itself. This does come at the (very minimal) cost of an additional document parsing pass. If the _routing mapping is defined and set to be required, the index operation will fail if no routing value is provided or extracted.

NOTE: Data streams do not support custom routing unless they were created with the allow_custom_routing setting enabled in the template.

Distributed

The index operation is directed to the primary shard based on its route and performed on the actual node containing this shard. After the primary shard completes the operation, if needed, the update is distributed to applicable replicas.

Active shards

To improve the resiliency of writes to the system, indexing operations can be configured to wait for a certain number of active shard copies before proceeding with the operation. If the requisite number of active shard copies are not available, then the write operation must wait and retry, until either the requisite shard copies have started or a timeout occurs. By default, write operations only wait for the primary shards to be active before proceeding (that is to say wait_for_active_shards is 1). This default can be overridden in the index settings dynamically by setting index.write.wait_for_active_shards. To alter this behavior per operation, use the wait_for_active_shards request parameter.

Valid values are all or any positive integer up to the total number of configured copies per shard in the index (which is number_of_replicas+1). Specifying a negative value or a number greater than the number of shard copies will throw an error.

For example, suppose you have a cluster of three nodes, A, B, and C and you create an index index with the number of replicas set to 3 (resulting in 4 shard copies, one more copy than there are nodes). If you attempt an indexing operation, by default the operation will only ensure the primary copy of each shard is available before proceeding. This means that even if B and C went down and A hosted the primary shard copies, the indexing operation would still proceed with only one copy of the data. If wait_for_active_shards is set on the request to 3 (and all three nodes are up), the indexing operation will require 3 active shard copies before proceeding. This requirement should be met because there are 3 active nodes in the cluster, each one holding a copy of the shard. However, if you set wait_for_active_shards to all (or to 4, which is the same in this situation), the indexing operation will not proceed as you do not have all 4 copies of each shard active in the index. The operation will timeout unless a new node is brought up in the cluster to host the fourth copy of the shard.

It is important to note that this setting greatly reduces the chances of the write operation not writing to the requisite number of shard copies, but it does not completely eliminate the possibility, because this check occurs before the write operation starts. After the write operation is underway, it is still possible for replication to fail on any number of shard copies but still succeed on the primary. The _shards section of the API response reveals the number of shard copies on which replication succeeded and failed.

No operation (noop) updates

When updating a document by using this API, a new version of the document is always created even if the document hasn't changed. If this isn't acceptable use the _update API with detect_noop set to true. The detect_noop option isn't available on this API because it doesn’t fetch the old source and isn't able to compare it against the new source.

There isn't a definitive rule for when noop updates aren't acceptable. It's a combination of lots of factors like how frequently your data source sends updates that are actually noops and how many queries per second Elasticsearch runs on the shard receiving the updates.

Versioning

Each indexed document is given a version number. By default, internal versioning is used that starts at 1 and increments with each update, deletes included. Optionally, the version number can be set to an external value (for example, if maintained in a database). To enable this functionality, version_type should be set to external. The value provided must be a numeric, long value greater than or equal to 0, and less than around 9.2e+18.

NOTE: Versioning is completely real time, and is not affected by the near real time aspects of search operations. If no version is provided, the operation runs without any version checks.

When using the external version type, the system checks to see if the version number passed to the index request is greater than the version of the currently stored document. If true, the document will be indexed and the new version number used. If the value provided is less than or equal to the stored document's version number, a version conflict will occur and the index operation will fail. For example:

PUT my-index-000001/_doc/1?version=2&version_type=external
{
  "user": {
    "id": "elkbee"
  }
}

In this example, the operation will succeed since the supplied version of 2 is higher than the current document version of 1.
If the document was already updated and its version was set to 2 or higher, the indexing command will fail and result in a conflict (409 HTTP status code).

A nice side effect is that there is no need to maintain strict ordering of async indexing operations run as a result of changes to a source database, as long as version numbers from the source database are used.
Even the simple case of updating the Elasticsearch index using data from a database is simplified if external versioning is used, as only the latest version will be used if the index operations arrive out of order.

External documentation

Path parameters

index string Required

The name of the data stream or index to target. If the target doesn't exist and matches the name or wildcard (*) pattern of an index template with a data_stream definition, this request creates the data stream. If the target doesn't exist and doesn't match a data stream template, this request creates the index. You can check for existing targets with the resolve index API.
id string Required

A unique identifier for the document. To automatically generate a document ID, use the POST /<target>/_doc/ request format and omit this parameter.

Query parameters

if_primary_term number

Only perform the operation if the document has this primary term.
if_seq_no number

Only perform the operation if the document has this sequence number.
include_source_on_error boolean

True or false if to include the document source in the error message in case of parsing errors.
op_type string
Set to create to only index the document if it does not already exist (put if absent). If a document with the specified _id already exists, the indexing operation will fail. The behavior is the same as using the <index>/_create endpoint. If a document ID is specified, this paramater defaults to index. Otherwise, it defaults to create. If the request targets a data stream, an op_type of create is required.

Supported values include:
- index: Overwrite any documents that already exist.
- create: Only index documents that do not already exist.
Values are index or create.
pipeline string

The ID of the pipeline to use to preprocess incoming documents. If the index has a default ingest pipeline specified, then setting the value to _none disables the default ingest pipeline for this request. If a final pipeline is configured it will always run, regardless of the value of this parameter.
refresh string

If true, Elasticsearch refreshes the affected shards to make this operation visible to search. If wait_for, it waits for a refresh to make this operation visible to search. If false, it does nothing with refreshes.

Values are true, false, or wait_for.
routing string

A custom value that is used to route operations to a specific shard.
timeout string

The period the request waits for the following operations: automatic index creation, dynamic mapping updates, waiting for active shards.

This parameter is useful for situations where the primary shard assigned to perform the operation might not be available when the operation runs. Some reasons for this might be that the primary shard is currently recovering from a gateway or undergoing relocation. By default, the operation will wait on the primary shard to become available for at least 1 minute before failing and responding with an error. The actual wait time could be longer, particularly when multiple waits occur.
version number

An explicit version number for concurrency control. It must be a non-negative long number.
version_type string
The version type.

Supported values include:
- internal: Use internal versioning that starts at 1 and increments with each update or delete.
- external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document.
- external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data.
- force: This option is deprecated because it can cause primary and replica shards to diverge.
Values are internal, external, external_gte, or force.
wait_for_active_shards number | string

The number of shard copies that must be active before proceeding with the operation. You can set it to all or any positive integer up to the total number of shards in the index (number_of_replicas+1). The default value of 1 means it waits for each primary shard to be active.
require_alias boolean

If true, the destination must be an index alias.

application/json

Body Required

object

Responses

200 application/json
Hide response attributes Show response attributes object
- _id string Required
- _index string Required
- _primary_term number
  
  The primary term assigned to the document for the indexing operation.
- result string Required
  
  Values are created, updated, deleted, not_found, or noop.
- _seq_no number
- _shards object Required
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  successful number Required
  
  total number Required
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  Hide reason attributes Show reason attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  shard number Required
  
  status string
  
  skipped number
- _version number Required
- forced_refresh boolean

POST /{index}/_doc/{id}

curl \
 --request POST 'http://api.example.com/{index}/_doc/{id}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"@timestamp\": \"2099-11-15T13:12:00\",\n  \"message\": \"GET /search HTTP/1.1 200 1070000\",\n  \"user\": {\n    \"id\": \"kimchy\"\n  }\n}"'

Request examples

Run `POST my-index-000001/_doc/` to index a document. When you use the `POST /<target>/_doc/` request format, the `op_type` is automatically set to `create` and the index operation generates a unique ID for the document.

{
  "@timestamp": "2099-11-15T13:12:00",
  "message": "GET /search HTTP/1.1 200 1070000",
  "user": {
    "id": "kimchy"
  }
}

Run `PUT my-index-000001/_doc/1` to insert a JSON document into the `my-index-000001` index with an `_id` of 1.

{
  "@timestamp": "2099-11-15T13:12:00",
  "message": "GET /search HTTP/1.1 200 1070000",
  "user": {
    "id": "kimchy"
  }
}

Response examples (200)

A successful response from `POST my-index-000001/_doc/`, which contains an automated document ID.

{
  "_shards": {
    "total": 2,
    "failed": 0,
    "successful": 2
  },
  "_index": "my-index-000001",
  "_id": "W0tpsmIBdwcYyG50zbta",
  "_version": 1,
  "_seq_no": 0,
  "_primary_term": 1,
  "result": "created"
}

A successful response from `PUT my-index-000001/_doc/1`.

{
  "_shards": {
    "total": 2,
    "failed": 0,
    "successful": 2
  },
  "_index": "my-index-000001",
  "_id": "1",
  "_version": 1,
  "_seq_no": 0,
  "_primary_term": 1,
  "result": "created"
}

Throttle a reindex operation Added in 2.4.0

POST /_reindex/{task_id}/_rethrottle

Api key auth Basic auth Bearer auth

Change the number of requests per second for a particular reindex operation. For example:

POST _reindex/r1A2WoRbTwKZ516z6NEs5A:36619/_rethrottle?requests_per_second=-1

Rethrottling that speeds up the query takes effect immediately. Rethrottling that slows down the query will take effect after completing the current batch. This behavior prevents scroll timeouts.

Path parameters

task_id string Required

The task identifier, which can be found by using the tasks API.

Query parameters

requests_per_second number

The throttle for this request in sub-requests per second. It can be either -1 to turn off throttling or any decimal number like 1.7 or 12 to throttle to that level.

Responses

200 application/json
Hide response attribute Show response attribute object
- nodes object Required

POST /_reindex/{task_id}/_rethrottle

curl \
 --request POST 'http://api.example.com/_reindex/{task_id}/_rethrottle' \
 --header "Authorization: $API_KEY"

Get term vector information

GET /{index}/_termvectors

Api key auth Basic auth Bearer auth

Get information and statistics about terms in the fields of a particular document.

You can retrieve term vectors for documents stored in the index or for artificial documents passed in the body of the request. You can specify the fields you are interested in through the fields parameter or by adding the fields to the request body. For example:

GET /my-index-000001/_termvectors/1?fields=message

Fields can be specified using wildcards, similar to the multi match query.

Term vectors are real-time by default, not near real-time. This can be changed by setting realtime parameter to false.

You can request three types of values: term information, term statistics, and field statistics. By default, all term information and field statistics are returned for all fields but term statistics are excluded.

Term information

term frequency in the field (always returned)
term positions (positions: true)
start and end offsets (offsets: true)
term payloads (payloads: true), as base64 encoded bytes

If the requested information wasn't stored in the index, it will be computed on the fly if possible. Additionally, term vectors could be computed for documents not even existing in the index, but instead provided by the user.

Start and end offsets assume UTF-16 encoding is being used. If you want to use these offsets in order to get the original text that produced this token, you should make sure that the string you are taking a sub-string of is also encoded using UTF-16.

Behaviour

The term and field statistics are not accurate. Deleted documents are not taken into account. The information is only retrieved for the shard the requested document resides in. The term and field statistics are therefore only useful as relative measures whereas the absolute numbers have no meaning in this context. By default, when requesting term vectors of artificial documents, a shard to get the statistics from is randomly selected. Use routing only to hit a particular shard.

Path parameters

index string Required

The name of the index that contains the document.

Query parameters

fields string | array[string]

A comma-separated list or wildcard expressions of fields to include in the statistics. It is used as the default list unless a specific field list is provided in the completion_fields or fielddata_fields parameters.
field_statistics boolean
If true, the response includes:
- The document count (how many documents contain this field).
- The sum of document frequencies (the sum of document frequencies for all terms in this field).
- The sum of total term frequencies (the sum of total term frequencies of each term in this field).
offsets boolean

If true, the response includes term offsets.
payloads boolean

If true, the response includes term payloads.
positions boolean

If true, the response includes term positions.
preference string

The node or shard the operation should be performed on. It is random by default.
realtime boolean

If true, the request is real-time as opposed to near-real-time.
routing string

A custom value that is used to route operations to a specific shard.
term_statistics boolean
If true, the response includes:
- The total term frequency (how often a term occurs in all documents).
- The document frequency (the number of documents containing the current term).
By default these values are not returned since term statistics can have a serious performance impact.
version number

If true, returns the document version as part of a hit.
version_type string
The version type.

Supported values include:
- internal: Use internal versioning that starts at 1 and increments with each update or delete.
- external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document.
- external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data.
- force: This option is deprecated because it can cause primary and replica shards to diverge.
Values are internal, external, external_gte, or force.

application/json

Body

doc object

An artificial document (a document not present in the index) for which you want to retrieve term vectors.
filter object
Hide filter attributes Show filter attributes object
- max_doc_freq number
  
  Ignore words which occur in more than this many docs. Defaults to unbounded.
- max_num_terms number
  
  The maximum number of terms that must be returned per field.
- max_term_freq number
  
  Ignore words with more than this frequency in the source doc. It defaults to unbounded.
- max_word_length number
  
  The maximum word length above which words will be ignored. Defaults to unbounded.
- min_doc_freq number
  
  Ignore terms which do not occur in at least this many docs.
- min_term_freq number
  
  Ignore words with less than this frequency in the source doc.
- min_word_length number
  
  The minimum word length below which words will be ignored.
per_field_analyzer object

Override the default per-field analyzer. This is useful in order to generate term vectors in any fashion, especially when using artificial documents. When providing an analyzer for a field that already stores term vectors, the term vectors will be regenerated.
Hide per_field_analyzer attribute Show per_field_analyzer attribute object
- * string Additional properties
fields string | array[string]
field_statistics boolean
If true, the response includes:
- The document count (how many documents contain this field).
- The sum of document frequencies (the sum of document frequencies for all terms in this field).
- The sum of total term frequencies (the sum of total term frequencies of each term in this field).
offsets boolean

If true, the response includes term offsets.
payloads boolean

If true, the response includes term payloads.
positions boolean

If true, the response includes term positions.
term_statistics boolean
If true, the response includes:
- The total term frequency (how often a term occurs in all documents).
- The document frequency (the number of documents containing the current term).
By default these values are not returned since term statistics can have a serious performance impact.
routing string
version number
version_type string

Values are internal, external, external_gte, or force.

Responses

200 application/json
Hide response attributes Show response attributes object
- found boolean Required
- _id string
- _index string Required
- term_vectors object
  
  Hide term_vectors attribute Show term_vectors attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  field_statistics object
  
  Hide field_statistics attributes Show field_statistics attributes object
  
  doc_count number Required
  
  sum_doc_freq number Required
  
  sum_ttf number Required
  
  terms object Required
  
  Hide terms attribute Show terms attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  doc_freq number
  
  score number
  
  term_freq number Required
  
  tokens array[object]
  
  ttf number
- took number Required
- _version number Required

GET /{index}/_termvectors

curl \
 --request GET 'http://api.example.com/{index}/_termvectors' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"fields\" : [\"text\"],\n  \"offsets\" : true,\n  \"payloads\" : true,\n  \"positions\" : true,\n  \"term_statistics\" : true,\n  \"field_statistics\" : true\n}"'

Request examples

Run `GET /my-index-000001/_termvectors/1` to return all information and statistics for field `text` in document 1.

{
  "fields" : ["text"],
  "offsets" : true,
  "payloads" : true,
  "positions" : true,
  "term_statistics" : true,
  "field_statistics" : true
}

Run `GET /my-index-000001/_termvectors/1` to set per-field analyzers. A different analyzer than the one at the field may be provided by using the `per_field_analyzer` parameter.

{
  "doc" : {
    "fullname" : "John Doe",
    "text" : "test test test"
  },
  "fields": ["fullname"],
  "per_field_analyzer" : {
    "fullname": "keyword"
  }
}

Run `GET /imdb/_termvectors` to filter the terms returned based on their tf-idf scores. It returns the three most "interesting" keywords from the artificial document having the given "plot" field value. Notice that the keyword "Tony" or any stop words are not part of the response, as their tf-idf must be too low.

{
  "doc": {
    "plot": "When wealthy industrialist Tony Stark is forced to build an armored suit after a life-threatening incident, he ultimately decides to use its technology to fight against evil."
  },
  "term_statistics": true,
  "field_statistics": true,
  "positions": false,
  "offsets": false,
  "filter": {
    "max_num_terms": 3,
    "min_term_freq": 1,
    "min_doc_freq": 1
  }
}

Run `GET /my-index-000001/_termvectors/1`. Term vectors which are not explicitly stored in the index are automatically computed on the fly. This request returns all information and statistics for the fields in document 1, even though the terms haven't been explicitly stored in the index. Note that for the field text, the terms are not regenerated.

{
  "fields" : ["text", "some_field_without_term_vectors"],
  "offsets" : true,
  "positions" : true,
  "term_statistics" : true,
  "field_statistics" : true
}

Run `GET /my-index-000001/_termvectors`. Term vectors can be generated for artificial documents, that is for documents not present in the index. If dynamic mapping is turned on (default), the document fields not in the original mapping will be dynamically created.

{
  "doc" : {
    "fullname" : "John Doe",
    "text" : "test test test"
  }
}

Response examples (200)

A successful response from `GET /my-index-000001/_termvectors/1`.

{
  "_index": "my-index-000001",
  "_id": "1",
  "_version": 1,
  "found": true,
  "took": 6,
  "term_vectors": {
    "text": {
      "field_statistics": {
        "sum_doc_freq": 4,
        "doc_count": 2,
        "sum_ttf": 6
      },
      "terms": {
        "test": {
          "doc_freq": 2,
          "ttf": 4,
          "term_freq": 3,
          "tokens": [
            {
              "position": 0,
              "start_offset": 0,
              "end_offset": 4,
              "payload": "d29yZA=="
            },
            {
              "position": 1,
              "start_offset": 5,
              "end_offset": 9,
              "payload": "d29yZA=="
            },
            {
              "position": 2,
              "start_offset": 10,
              "end_offset": 14,
              "payload": "d29yZA=="
            }
          ]
        }
      }
    }
  }
}

A successful response from `GET /my-index-000001/_termvectors` with `per_field_analyzer` in the request body.

{
  "_index": "my-index-000001",
  "_version": 0,
  "found": true,
  "took": 6,
  "term_vectors": {
    "fullname": {
      "field_statistics": {
          "sum_doc_freq": 2,
          "doc_count": 4,
          "sum_ttf": 4
      },
      "terms": {
          "John Doe": {
            "term_freq": 1,
            "tokens": [
                {
                  "position": 0,
                  "start_offset": 0,
                  "end_offset": 8
                }
            ]
          }
      }
    }
  }
}

A successful response from `GET /my-index-000001/_termvectors` with a `filter` in the request body.

{
  "_index": "imdb",
  "_version": 0,
  "found": true,
  "term_vectors": {
      "plot": {
        "field_statistics": {
            "sum_doc_freq": 3384269,
            "doc_count": 176214,
            "sum_ttf": 3753460
        },
        "terms": {
            "armored": {
              "doc_freq": 27,
              "ttf": 27,
              "term_freq": 1,
              "score": 9.74725
            },
            "industrialist": {
              "doc_freq": 88,
              "ttf": 88,
              "term_freq": 1,
              "score": 8.590818
            },
            "stark": {
              "doc_freq": 44,
              "ttf": 47,
              "term_freq": 1,
              "score": 9.272792
            }
        }
      }
  }
}

Get term vector information

POST /{index}/_termvectors

Api key auth Basic auth Bearer auth

Get information and statistics about terms in the fields of a particular document.

You can retrieve term vectors for documents stored in the index or for artificial documents passed in the body of the request. You can specify the fields you are interested in through the fields parameter or by adding the fields to the request body. For example:

GET /my-index-000001/_termvectors/1?fields=message

Fields can be specified using wildcards, similar to the multi match query.

Term vectors are real-time by default, not near real-time. This can be changed by setting realtime parameter to false.

You can request three types of values: term information, term statistics, and field statistics. By default, all term information and field statistics are returned for all fields but term statistics are excluded.

Term information

term frequency in the field (always returned)
term positions (positions: true)
start and end offsets (offsets: true)
term payloads (payloads: true), as base64 encoded bytes

If the requested information wasn't stored in the index, it will be computed on the fly if possible. Additionally, term vectors could be computed for documents not even existing in the index, but instead provided by the user.

Start and end offsets assume UTF-16 encoding is being used. If you want to use these offsets in order to get the original text that produced this token, you should make sure that the string you are taking a sub-string of is also encoded using UTF-16.

Behaviour

The term and field statistics are not accurate. Deleted documents are not taken into account. The information is only retrieved for the shard the requested document resides in. The term and field statistics are therefore only useful as relative measures whereas the absolute numbers have no meaning in this context. By default, when requesting term vectors of artificial documents, a shard to get the statistics from is randomly selected. Use routing only to hit a particular shard.

Path parameters

index string Required

The name of the index that contains the document.

Query parameters

fields string | array[string]

A comma-separated list or wildcard expressions of fields to include in the statistics. It is used as the default list unless a specific field list is provided in the completion_fields or fielddata_fields parameters.
field_statistics boolean
If true, the response includes:
- The document count (how many documents contain this field).
- The sum of document frequencies (the sum of document frequencies for all terms in this field).
- The sum of total term frequencies (the sum of total term frequencies of each term in this field).
offsets boolean

If true, the response includes term offsets.
payloads boolean

If true, the response includes term payloads.
positions boolean

If true, the response includes term positions.
preference string

The node or shard the operation should be performed on. It is random by default.
realtime boolean

If true, the request is real-time as opposed to near-real-time.
routing string

A custom value that is used to route operations to a specific shard.
term_statistics boolean
If true, the response includes:
- The total term frequency (how often a term occurs in all documents).
- The document frequency (the number of documents containing the current term).
By default these values are not returned since term statistics can have a serious performance impact.
version number

If true, returns the document version as part of a hit.
version_type string
The version type.

Supported values include:
- internal: Use internal versioning that starts at 1 and increments with each update or delete.
- external: Only index the document if the specified version is strictly higher than the version of the stored document or if there is no existing document.
- external_gte: Only index the document if the specified version is equal or higher than the version of the stored document or if there is no existing document. NOTE: The external_gte version type is meant for special use cases and should be used with care. If used incorrectly, it can result in loss of data.
- force: This option is deprecated because it can cause primary and replica shards to diverge.
Values are internal, external, external_gte, or force.

application/json

Body

doc object

An artificial document (a document not present in the index) for which you want to retrieve term vectors.
filter object
Hide filter attributes Show filter attributes object
- max_doc_freq number
  
  Ignore words which occur in more than this many docs. Defaults to unbounded.
- max_num_terms number
  
  The maximum number of terms that must be returned per field.
- max_term_freq number
  
  Ignore words with more than this frequency in the source doc. It defaults to unbounded.
- max_word_length number
  
  The maximum word length above which words will be ignored. Defaults to unbounded.
- min_doc_freq number
  
  Ignore terms which do not occur in at least this many docs.
- min_term_freq number
  
  Ignore words with less than this frequency in the source doc.
- min_word_length number
  
  The minimum word length below which words will be ignored.
per_field_analyzer object

Override the default per-field analyzer. This is useful in order to generate term vectors in any fashion, especially when using artificial documents. When providing an analyzer for a field that already stores term vectors, the term vectors will be regenerated.
Hide per_field_analyzer attribute Show per_field_analyzer attribute object
- * string Additional properties
fields string | array[string]
field_statistics boolean
If true, the response includes:
- The document count (how many documents contain this field).
- The sum of document frequencies (the sum of document frequencies for all terms in this field).
- The sum of total term frequencies (the sum of total term frequencies of each term in this field).
offsets boolean

If true, the response includes term offsets.
payloads boolean

If true, the response includes term payloads.
positions boolean

If true, the response includes term positions.
term_statistics boolean
If true, the response includes:
- The total term frequency (how often a term occurs in all documents).
- The document frequency (the number of documents containing the current term).
By default these values are not returned since term statistics can have a serious performance impact.
routing string
version number
version_type string

Values are internal, external, external_gte, or force.

Responses

200 application/json
Hide response attributes Show response attributes object
- found boolean Required
- _id string
- _index string Required
- term_vectors object
  
  Hide term_vectors attribute Show term_vectors attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  field_statistics object
  
  Hide field_statistics attributes Show field_statistics attributes object
  
  doc_count number Required
  
  sum_doc_freq number Required
  
  sum_ttf number Required
  
  terms object Required
  
  Hide terms attribute Show terms attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  doc_freq number
  
  score number
  
  term_freq number Required
  
  tokens array[object]
  
  ttf number
- took number Required
- _version number Required

POST /{index}/_termvectors

curl \
 --request POST 'http://api.example.com/{index}/_termvectors' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"fields\" : [\"text\"],\n  \"offsets\" : true,\n  \"payloads\" : true,\n  \"positions\" : true,\n  \"term_statistics\" : true,\n  \"field_statistics\" : true\n}"'

Request examples

Run `GET /my-index-000001/_termvectors/1` to return all information and statistics for field `text` in document 1.

{
  "fields" : ["text"],
  "offsets" : true,
  "payloads" : true,
  "positions" : true,
  "term_statistics" : true,
  "field_statistics" : true
}

Run `GET /my-index-000001/_termvectors/1` to set per-field analyzers. A different analyzer than the one at the field may be provided by using the `per_field_analyzer` parameter.

{
  "doc" : {
    "fullname" : "John Doe",
    "text" : "test test test"
  },
  "fields": ["fullname"],
  "per_field_analyzer" : {
    "fullname": "keyword"
  }
}

Run `GET /imdb/_termvectors` to filter the terms returned based on their tf-idf scores. It returns the three most "interesting" keywords from the artificial document having the given "plot" field value. Notice that the keyword "Tony" or any stop words are not part of the response, as their tf-idf must be too low.

{
  "doc": {
    "plot": "When wealthy industrialist Tony Stark is forced to build an armored suit after a life-threatening incident, he ultimately decides to use its technology to fight against evil."
  },
  "term_statistics": true,
  "field_statistics": true,
  "positions": false,
  "offsets": false,
  "filter": {
    "max_num_terms": 3,
    "min_term_freq": 1,
    "min_doc_freq": 1
  }
}

Run `GET /my-index-000001/_termvectors/1`. Term vectors which are not explicitly stored in the index are automatically computed on the fly. This request returns all information and statistics for the fields in document 1, even though the terms haven't been explicitly stored in the index. Note that for the field text, the terms are not regenerated.

{
  "fields" : ["text", "some_field_without_term_vectors"],
  "offsets" : true,
  "positions" : true,
  "term_statistics" : true,
  "field_statistics" : true
}

Run `GET /my-index-000001/_termvectors`. Term vectors can be generated for artificial documents, that is for documents not present in the index. If dynamic mapping is turned on (default), the document fields not in the original mapping will be dynamically created.

{
  "doc" : {
    "fullname" : "John Doe",
    "text" : "test test test"
  }
}

Response examples (200)

A successful response from `GET /my-index-000001/_termvectors/1`.

{
  "_index": "my-index-000001",
  "_id": "1",
  "_version": 1,
  "found": true,
  "took": 6,
  "term_vectors": {
    "text": {
      "field_statistics": {
        "sum_doc_freq": 4,
        "doc_count": 2,
        "sum_ttf": 6
      },
      "terms": {
        "test": {
          "doc_freq": 2,
          "ttf": 4,
          "term_freq": 3,
          "tokens": [
            {
              "position": 0,
              "start_offset": 0,
              "end_offset": 4,
              "payload": "d29yZA=="
            },
            {
              "position": 1,
              "start_offset": 5,
              "end_offset": 9,
              "payload": "d29yZA=="
            },
            {
              "position": 2,
              "start_offset": 10,
              "end_offset": 14,
              "payload": "d29yZA=="
            }
          ]
        }
      }
    }
  }
}

A successful response from `GET /my-index-000001/_termvectors` with `per_field_analyzer` in the request body.

{
  "_index": "my-index-000001",
  "_version": 0,
  "found": true,
  "took": 6,
  "term_vectors": {
    "fullname": {
      "field_statistics": {
          "sum_doc_freq": 2,
          "doc_count": 4,
          "sum_ttf": 4
      },
      "terms": {
          "John Doe": {
            "term_freq": 1,
            "tokens": [
                {
                  "position": 0,
                  "start_offset": 0,
                  "end_offset": 8
                }
            ]
          }
      }
    }
  }
}

A successful response from `GET /my-index-000001/_termvectors` with a `filter` in the request body.

{
  "_index": "imdb",
  "_version": 0,
  "found": true,
  "term_vectors": {
      "plot": {
        "field_statistics": {
            "sum_doc_freq": 3384269,
            "doc_count": 176214,
            "sum_ttf": 3753460
        },
        "terms": {
            "armored": {
              "doc_freq": 27,
              "ttf": 27,
              "term_freq": 1,
              "score": 9.74725
            },
            "industrialist": {
              "doc_freq": 88,
              "ttf": 88,
              "term_freq": 1,
              "score": 8.590818
            },
            "stark": {
              "doc_freq": 44,
              "ttf": 47,
              "term_freq": 1,
              "score": 9.272792
            }
        }
      }
  }
}

Update documents Added in 2.4.0

POST /{index}/_update_by_query

Api key auth Basic auth Bearer auth

Updates documents that match the specified query. If no query is specified, performs an update on every document in the data stream or index without modifying the source, which is useful for picking up mapping changes.

If the Elasticsearch security features are enabled, you must have the following index privileges for the target data stream, index, or alias:

read
index or write

You can specify the query criteria in the request URI or the request body using the same syntax as the search API.

When you submit an update by query request, Elasticsearch gets a snapshot of the data stream or index when it begins processing the request and updates matching documents using internal versioning. When the versions match, the document is updated and the version number is incremented. If a document changes between the time that the snapshot is taken and the update operation is processed, it results in a version conflict and the operation fails. You can opt to count version conflicts instead of halting and returning by setting conflicts to proceed. Note that if you opt to count version conflicts, the operation could attempt to update more documents from the source than max_docs until it has successfully updated max_docs documents or it has gone through every document in the source query.

NOTE: Documents with a version equal to 0 cannot be updated using update by query because internal versioning does not support 0 as a valid version number.

While processing an update by query request, Elasticsearch performs multiple search requests sequentially to find all of the matching documents. A bulk update request is performed for each batch of matching documents. Any query or update failures cause the update by query request to fail and the failures are shown in the response. Any update requests that completed successfully still stick, they are not rolled back.

Throttling update requests

To control the rate at which update by query issues batches of update operations, you can set requests_per_second to any positive decimal number. This pads each batch with a wait time to throttle the rate. Set requests_per_second to -1 to turn off throttling.

Throttling uses a wait time between batches so that the internal scroll requests can be given a timeout that takes the request padding into account. The padding time is the difference between the batch size divided by the requests_per_second and the time spent writing. By default the batch size is 1000, so if requests_per_second is set to 500:

target_time = 1000 / 500 per second = 2 seconds
wait_time = target_time - write_time = 2 seconds - .5 seconds = 1.5 seconds

Since the batch is issued as a single _bulk request, large batch sizes cause Elasticsearch to create many requests and wait before starting the next set. This is "bursty" instead of "smooth".

Slicing

Update by query supports sliced scroll to parallelize the update process. This can improve efficiency and provide a convenient way to break the request down into smaller parts.

Setting slices to auto chooses a reasonable number for most data streams and indices. This setting will use one slice per shard, up to a certain limit. If there are multiple source data streams or indices, it will choose the number of slices based on the index or backing index with the smallest number of shards.

Adding slices to _update_by_query just automates the manual process of creating sub-requests, which means it has some quirks:

You can see these requests in the tasks APIs. These sub-requests are "child" tasks of the task for the request with slices.
Fetching the status of the task for the request with slices only contains the status of completed slices.
These sub-requests are individually addressable for things like cancellation and rethrottling.
Rethrottling the request with slices will rethrottle the unfinished sub-request proportionally.
Canceling the request with slices will cancel each sub-request.
Due to the nature of slices each sub-request won't get a perfectly even portion of the documents. All documents will be addressed, but some slices may be larger than others. Expect larger slices to have a more even distribution.
Parameters like requests_per_second and max_docs on a request with slices are distributed proportionally to each sub-request. Combine that with the point above about distribution being uneven and you should conclude that using max_docs with slices might not result in exactly max_docs documents being updated.
Each sub-request gets a slightly different snapshot of the source data stream or index though these are all taken at approximately the same time.

If you're slicing manually or otherwise tuning automatic slicing, keep in mind that:

Query performance is most efficient when the number of slices is equal to the number of shards in the index or backing index. If that number is large (for example, 500), choose a lower number as too many slices hurts performance. Setting slices higher than the number of shards generally does not improve efficiency and adds overhead.
Update performance scales linearly across available resources with the number of slices.

Whether query or update performance dominates the runtime depends on the documents being reindexed and cluster resources.

Update the document source

Update by query supports scripts to update the document source. As with the update API, you can set ctx.op to change the operation that is performed.

Set ctx.op = "noop" if your script decides that it doesn't have to make any changes. The update by query operation skips updating the document and increments the noop counter.

Set ctx.op = "delete" if your script decides that the document should be deleted. The update by query operation deletes the document and increments the deleted counter.

Update by query supports only index, noop, and delete. Setting ctx.op to anything else is an error. Setting any other field in ctx is an error. This API enables you to only modify the source of matching documents; you cannot move them.

Path parameters

index string | array[string] Required

A comma-separated list of data streams, indices, and aliases to search. It supports wildcards (*). To search all data streams or indices, omit this parameter or use * or _all.

Query parameters

allow_no_indices boolean

If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
analyzer string

The analyzer to use for the query string. This parameter can be used only when the q query string parameter is specified.
analyze_wildcard boolean

If true, wildcard and prefix queries are analyzed. This parameter can be used only when the q query string parameter is specified.
conflicts string
The preferred behavior when update by query hits version conflicts: abort or proceed.

Supported values include:
- abort: Stop reindexing if there are conflicts.
- proceed: Continue reindexing even if there are conflicts.
Values are abort or proceed.
default_operator string

The default operator for query string query: AND or OR. This parameter can be used only when the q query string parameter is specified.

Values are and, AND, or, or OR.
df string

The field to use as default where no field prefix is given in the query string. This parameter can be used only when the q query string parameter is specified.
expand_wildcards string | array[string]
The type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. It supports comma-separated values, such as open,hidden. Valid values are: all, open, closed, hidden, none.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
from number

Skips the specified number of documents.
ignore_unavailable boolean

If false, the request returns an error if it targets a missing or closed index.
lenient boolean

If true, format-based query failures (such as providing text to a numeric field) in the query string will be ignored. This parameter can be used only when the q query string parameter is specified.
max_docs number

The maximum number of documents to process. It defaults to all documents. When set to a value less then or equal to scroll_size then a scroll will not be used to retrieve the results for the operation.
pipeline string

The ID of the pipeline to use to preprocess incoming documents. If the index has a default ingest pipeline specified, then setting the value to _none disables the default ingest pipeline for this request. If a final pipeline is configured it will always run, regardless of the value of this parameter.
preference string

The node or shard the operation should be performed on. It is random by default.
q string

A query in the Lucene query string syntax.
refresh boolean

If true, Elasticsearch refreshes affected shards to make the operation visible to search after the request completes. This is different than the update API's refresh parameter, which causes just the shard that received the request to be refreshed.
request_cache boolean

If true, the request cache is used for this request. It defaults to the index-level setting.
requests_per_second number

The throttle for this request in sub-requests per second.
routing string

A custom value used to route operations to a specific shard.
scroll string

The period to retain the search context for scrolling.
scroll_size number

The size of the scroll request that powers the operation.
search_timeout string

An explicit timeout for each search request. By default, there is no timeout.
search_type string
The type of the search operation. Available options include query_then_fetch and dfs_query_then_fetch.

Supported values include:
- query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate.
- dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate.
Values are query_then_fetch or dfs_query_then_fetch.
slices number | string

The number of slices this task should be divided into.
sort array[string]

A comma-separated list of : pairs.
stats array[string]

The specific tag of the request for logging and statistical purposes.
terminate_after number

The maximum number of documents to collect for each shard. If a query reaches this limit, Elasticsearch terminates the query early. Elasticsearch collects documents before sorting.

IMPORTANT: Use with caution. Elasticsearch applies this parameter to each shard handling the request. When possible, let Elasticsearch perform early termination automatically. Avoid specifying this parameter for requests that target data streams with backing indices across multiple data tiers.
timeout string

The period each update request waits for the following operations: dynamic mapping updates, waiting for active shards. By default, it is one minute. This guarantees Elasticsearch waits for at least the timeout before failing. The actual wait time could be longer, particularly when multiple waits occur.
version boolean

If true, returns the document version as part of a hit.
version_type boolean

Should the document increment the version number (internal) on hit or not (reindex)
wait_for_active_shards number | string

The number of shard copies that must be active before proceeding with the operation. Set to all or any positive integer up to the total number of shards in the index (number_of_replicas+1). The timeout parameter controls how long each write request waits for unavailable shards to become available. Both work exactly the way they work in the bulk API.
wait_for_completion boolean

If true, the request blocks until the operation is complete. If false, Elasticsearch performs some preflight checks, launches the request, and returns a task ID that you can use to cancel or get the status of the task. Elasticsearch creates a record of this task as a document at .tasks/task/${taskId}.

application/json

Body

max_docs number

The maximum number of documents to update.
query object

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation
script object
Hide script attributes Show script attributes object
- source string
  
  The script source.
- id string
- params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  Hide params attribute Show params attribute object
  
  * object Additional properties
- lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
- options object
  Hide options attribute Show options attribute object
  
  * string Additional properties
slice object
Hide slice attributes Show slice attributes object
- field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
- id string Required
- max number Required
conflicts string

Values are abort or proceed.

Responses

200 application/json
Hide response attributes Show response attributes object
- batches number
  
  The number of scroll responses pulled back by the update by query.
- failures array[object]
  
  Array of failures if there were any unrecoverable errors during the process. If this is non-empty then the request ended because of those failures. Update by query is implemented using batches. Any failure causes the entire process to end, but all failures in the current batch are collected into the array. You can use the conflicts option to prevent reindex from ending when version conflicts occur.
  
  Hide failures attributes Show failures attributes object
  
  cause object Required
  
  Hide cause attributes Show cause attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  id string Required
  
  index string Required
  
  status number Required
- noops number
  
  The number of documents that were ignored because the script used for the update by query returned a noop value for ctx.op.
- deleted number
  
  The number of documents that were successfully deleted.
- requests_per_second number
  
  The number of requests per second effectively run during the update by query.
- retries object
  
  Hide retries attributes Show retries attributes object
  
  bulk number Required
  
  The number of bulk actions retried.
  
  search number Required
  
  The number of search actions retried.
- task string | number
  
  One of:
  TaskId string TaskId number
- timed_out boolean
  
  If true, some requests timed out during the update by query.
- took number
  
  Time unit for milliseconds
- total number
  
  The number of documents that were successfully processed.
- updated number
  
  The number of documents that were successfully updated.
- version_conflicts number
  
  The number of version conflicts that the update by query hit.
- throttled string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- throttled_millis number
  
  Time unit for milliseconds
- throttled_until string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- throttled_until_millis number
  
  Time unit for milliseconds

POST /{index}/_update_by_query

curl \
 --request POST 'http://api.example.com/{index}/_update_by_query' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"query\": { \n    \"term\": {\n      \"user.id\": \"kimchy\"\n    }\n  }\n}"'

Request examples

Run `POST my-index-000001/_update_by_query?conflicts=proceed` to update documents that match a query.

{
  "query": { 
    "term": {
      "user.id": "kimchy"
    }
  }
}

Run `POST my-index-000001/_update_by_query` with a script to update the document source. It increments the `count` field for all documents with a `user.id` of `kimchy` in `my-index-000001`.

{
  "script": {
    "source": "ctx._source.count++",
    "lang": "painless"
  },
  "query": {
    "term": {
      "user.id": "kimchy"
    }
  }
}

Run `POST my-index-000001/_update_by_query` to slice an update by query manually. Provide a slice ID and total number of slices to each request.

{
  "slice": {
    "id": 0,
    "max": 2
  },
  "script": {
    "source": "ctx._source['extra'] = 'test'"
  }
}

Run `POST my-index-000001/_update_by_query?refresh&slices=5` to use automatic slicing. It automatically parallelizes using sliced scroll to slice on `_id`.

{
  "script": {
    "source": "ctx._source['extra'] = 'test'"
  }
}

Get the async EQL status Added in 7.9.0

GET /_eql/search/status/{id}

Api key auth Basic auth Bearer auth

Get the current status for an async EQL search or a stored synchronous EQL search without returning results.

Path parameters

id string Required

Identifier for the search.

Responses

200 application/json
Hide response attributes Show response attributes object
- id string Required
- is_partial boolean Required
  
  If true, the search request is still executing. If false, the search is completed.
- is_running boolean Required
  
  If true, the response does not contain complete search results. This could be because either the search is still running (is_running status is false), or because it is already completed (is_running status is true) and results are partial due to failures or timeouts.
- start_time_in_millis number
  
  Time unit for milliseconds
- expiration_time_in_millis number
  
  Time unit for milliseconds
- completion_status number
  
  For a completed search shows the http status code of the completed search.

GET /_eql/search/status/{id}

curl \
 --request GET 'http://api.example.com/_eql/search/status/{id}' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response for getting status information for an async EQL search.

{
  "id": "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=",
  "is_running" : true,
  "is_partial" : true,
  "start_time_in_millis" : 1611690235000,
  "expiration_time_in_millis" : 1611690295000
}

Get global checkpoints Added in 7.13.0

GET /{index}/_fleet/global_checkpoints

Api key auth Basic auth Bearer auth

Get the current global checkpoints for an index. This API is designed for internal use by the Fleet server project.

Path parameters

index string Required

A single index or index alias that resolves to a single index.

Query parameters

wait_for_advance boolean

A boolean value which controls whether to wait (until the timeout) for the global checkpoints to advance past the provided checkpoints.
wait_for_index boolean

A boolean value which controls whether to wait (until the timeout) for the target index to exist and all primary shards be active. Can only be true when wait_for_advance is true.
checkpoints array[number]

A comma separated list of previous global checkpoints. When used in combination with wait_for_advance, the API will only return once the global checkpoints advances past the checkpoints. Providing an empty list will cause Elasticsearch to immediately return the current global checkpoints.
timeout string

Period to wait for a global checkpoints to advance past checkpoints.

Responses

200 application/json
Hide response attributes Show response attributes object
- global_checkpoints array[number] Required
- timed_out boolean Required

GET /{index}/_fleet/global_checkpoints

curl \
 --request GET 'http://api.example.com/{index}/_fleet/global_checkpoints' \
 --header "Authorization: $API_KEY"

Executes several [fleet searches](https://www.elastic.co/guide/en/elasticsearch/reference/current/fleet-search.html) with a single API request Technical preview

POST /_fleet/_fleet_msearch

Api key auth Basic auth Bearer auth

The API follows the same structure as the multi search API. However, similar to the fleet search API, it supports the wait_for_checkpoints parameter.

Query parameters

allow_no_indices boolean

If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
ccs_minimize_roundtrips boolean

If true, network roundtrips between the coordinating node and remote clusters are minimized for cross-cluster search requests.
expand_wildcards string | array[string]
Type of index that wildcard expressions can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
ignore_throttled boolean

If true, concrete, expanded or aliased indices are ignored when frozen.
ignore_unavailable boolean

If true, missing or closed indices are not included in the response.
max_concurrent_searches number

Maximum number of concurrent searches the multi search API can execute.
max_concurrent_shard_requests number

Maximum number of concurrent shard requests that each sub-search request executes per node.
pre_filter_shard_size number

Defines a threshold that enforces a pre-filter roundtrip to prefilter search shards based on query rewriting if the number of shards the search request expands to exceeds the threshold. This filter roundtrip can limit the number of shards significantly if for instance a shard can not match any documents based on its rewrite method i.e., if date filters are mandatory to match but the shard bounds and the query are disjoint.
search_type string
Indicates whether global term and document frequencies should be used when scoring returned documents.

Supported values include:
- query_then_fetch: Documents are scored using local term and document frequencies for the shard. This is usually faster but less accurate.
- dfs_query_then_fetch: Documents are scored using global term and document frequencies across all shards. This is usually slower but more accurate.
Values are query_then_fetch or dfs_query_then_fetch.
rest_total_hits_as_int boolean

If true, hits.total are returned as an integer in the response. Defaults to false, which returns an object.
typed_keys boolean

Specifies whether aggregation and suggester names should be prefixed by their respective types in the response.
wait_for_checkpoints array[number]

A comma separated list of checkpoints. When configured, the search API will only be executed on a shard after the relevant checkpoint has become visible for search. Defaults to an empty list which will cause Elasticsearch to immediately execute the search.
allow_partial_search_results boolean

If true, returns partial results if there are shard request timeouts or shard failures. If false, returns an error with no partial results. Defaults to the configured cluster setting search.default_allow_partial_results which is true by default.

application/json

Body object Required

allow_no_indices boolean
expand_wildcards string | array[string]
ignore_unavailable boolean
index string | array[string]
preference string
request_cache boolean
routing string
search_type string

Values are query_then_fetch or dfs_query_then_fetch.
ccs_minimize_roundtrips boolean
allow_partial_search_results boolean
ignore_throttled boolean

aggregations object
External documentation
collapse object
External documentation
query object

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation
explain boolean

If true, returns detailed information about score computation as part of a hit.
ext object

Configuration of search extensions defined by Elasticsearch plugins.
Hide ext attribute Show ext attribute object
- * object Additional properties
stored_fields string | array[string]
docvalue_fields array[object]

Array of wildcard (*) patterns. The request returns doc values for field names matching these patterns in the hits.fields property of the response.
Hide docvalue_fields attributes Show docvalue_fields attributes object
- field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
- format string
  
  The format in which the values are returned.
- include_unmapped boolean
knn object | array[object]

Defines the approximate kNN search to run.
One of:
KnnSearch object array-2 array[object]
Hide attributes Show attributes

field string Required

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

query_vector array[number]

query_vector_builder object

Hide query_vector_builder attribute Show query_vector_builder attribute object

text_embedding object

Hide text_embedding attributes Show text_embedding attributes object

model_id string Required

model_text string Required

k number

The final number of nearest neighbors to return as top hits

num_candidates number

The number of nearest neighbor candidates to consider per shard

boost number

Boost value to apply to kNN scores

filter object | array[object]

Filters for the kNN search query

One of:
QueryContainer object array-2 array[object]

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation

similarity number

The minimum similarity for a vector to be considered a match

inner_hits object

Hide inner_hits attributes Show inner_hits attributes object

name string

size number

The maximum number of hits to return per inner_hits.

from number

Inner hit starting document offset.

collapse object
External documentation

docvalue_fields array[object]

explain boolean

highlight object

ignore_unmapped boolean

script_fields object

Hide script_fields attribute Show script_fields attribute object

* object Additional properties

seq_no_primary_term boolean

fields array[string]

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

sort array[string | object]

_source boolean | object

Defines how to fetch a source. Fetching can be disabled entirely, or the source can be filtered.

One of:
SourceConfig boolean SourceFilter object

stored_fields string | array[string]

track_scores boolean

version boolean

rescore_vector object

Hide rescore_vector attribute Show rescore_vector attribute object

oversample number Required

Applies the specified oversample factor to k on the approximate kNN search
Hide attributes Show attributes object

field string Required

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

query_vector array[number]

query_vector_builder object

Hide query_vector_builder attribute Show query_vector_builder attribute object

text_embedding object

k number

The final number of nearest neighbors to return as top hits

num_candidates number

The number of nearest neighbor candidates to consider per shard

boost number

Boost value to apply to kNN scores

filter object | array[object]

Filters for the kNN search query

One of:
QueryContainer object array-2 array[object]

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

similarity number

The minimum similarity for a vector to be considered a match

inner_hits object

Hide inner_hits attributes Show inner_hits attributes object

name string

size number

The maximum number of hits to return per inner_hits.

from number

Inner hit starting document offset.

collapse object

docvalue_fields array[object]

explain boolean

highlight

ignore_unmapped boolean

script_fields object

seq_no_primary_term boolean

fields array[string]

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

sort

_source

stored_fields string | array[string]

track_scores boolean

version boolean

rescore_vector object

Hide rescore_vector attribute Show rescore_vector attribute object

oversample number Required

Applies the specified oversample factor to k on the approximate kNN search
from number

Starting document offset. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter.
highlight object
Hide highlight attributes Show highlight attributes object
- type string
  
  Any of:
  HighlighterType string HighlighterType string
  
  Values are plain, fvh, or unified.
- boundary_chars string
  
  A string that contains each boundary character.
- boundary_max_scan number
  
  How far to scan for boundary characters.
- boundary_scanner string
  
  Values are chars, sentence, or word.
- boundary_scanner_locale string
  
  Controls which locale is used to search for sentence and word boundaries. This parameter takes a form of a language tag, for example: "en-US", "fr-FR", "ja-JP".
- force_source boolean Deprecated
- fragmenter string
  
  Values are simple or span.
- fragment_size number
  
  The size of the highlighted fragment in characters.
- highlight_filter boolean
- highlight_query object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
- max_fragment_length number
- max_analyzed_offset number
  
  If set to a non-negative value, highlighting stops at this defined maximum limit. The rest of the text is not processed, thus not highlighted and no error is returned The max_analyzed_offset query setting does not override the index.highlight.max_analyzed_offset setting, which prevails when it’s set to lower value than the query setting.
- no_match_size number
  
  The amount of text you want to return from the beginning of the field if there are no matching fragments to highlight.
- number_of_fragments number
  
  The maximum number of fragments to return. If the number of fragments is set to 0, no fragments are returned. Instead, the entire field contents are highlighted and returned. This can be handy when you need to highlight short texts such as a title or address, but fragmentation is not required. If number_of_fragments is 0, fragment_size is ignored.
- options object
  Hide options attribute Show options attribute object
  
  * object Additional properties
- order string
  
  Value is score.
- phrase_limit number
  
  Controls the number of matching phrases in a document that are considered. Prevents the fvh highlighter from analyzing too many phrases and consuming too much memory. When using matched_fields, phrase_limit phrases per matched field are considered. Raising the limit increases query time and consumes more memory. Only supported by the fvh highlighter.
- post_tags array[string]
  
  Use in conjunction with pre_tags to define the HTML tags to use for the highlighted text. By default, highlighted text is wrapped in <em> and </em> tags.
- pre_tags array[string]
  
  Use in conjunction with post_tags to define the HTML tags to use for the highlighted text. By default, highlighted text is wrapped in <em> and </em> tags.
- require_field_match boolean
  
  By default, only fields that contains a query match are highlighted. Set to false to highlight all fields.
- tags_schema string
  
  Value is styled.
- encoder string
  
  Values are default or html.
- fields object Required
indices_boost array[object]

Boosts the _score of documents from specified indices.
Hide indices_boost attribute Show indices_boost attribute object
- * number Additional properties
min_score number

Minimum _score for matching documents. Documents with a lower _score are not included in the search results.
post_filter object

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

External documentation
profile boolean
rescore object | array[object]
One of:
Rescore object array-2 array[object]
Hide attributes Show attributes

window_size number

query object

Hide query attributes Show query attributes object

rescore_query object Required

An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

query_weight number

Relative importance of the original query versus the rescore query.

rescore_query_weight number

Relative importance of the rescore query versus the original query.

score_mode string

Values are avg, max, min, multiply, or total.

learning_to_rank object

Hide learning_to_rank attributes Show learning_to_rank attributes object

model_id string Required

The unique identifier of the trained model uploaded to Elasticsearch

params object

Named parameters to be passed to the query templates used for feature
Hide attributes Show attributes object

window_size number

query object

learning_to_rank object
script_fields object

Retrieve a script evaluation (based on different fields) for each hit.
Hide script_fields attribute Show script_fields attribute object
- * object Additional properties
  Hide * attributes Show * attributes object
  
  script object Required
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  ignore_failure boolean
search_after array[number | string | boolean | null | object]

A field value.

A field value.

One of:
FieldValue number FieldValue number FieldValue string FieldValue boolean FieldValue string | null FieldValue object
size number

The number of hits to return. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the search_after parameter.
sort string | object | array[string | object]
One of:
Field string SortOptions object Sort array[string | object]

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
Hide attributes Show attributes

_score object

Hide _score attribute Show _score attribute object

order string

Values are asc or desc.

_doc object

Hide _doc attribute Show _doc attribute object

order string

Values are asc or desc.

_geo_distance object

Hide _geo_distance attributes Show _geo_distance attributes object

mode string

Values are min, max, sum, avg, or median.

distance_type string

Values are arc or plane.

ignore_unmapped boolean

order string

Values are asc or desc.

unit string

Values are in, ft, yd, mi, nmi, km, m, cm, or mm.

nested object

_script object

Hide _script attributes Show _script attributes object

order string

Values are asc or desc.

script object Required

type string

Values are string, number, or version.

mode string

Values are min, max, sum, avg, or median.

nested object
One of:
Field string SortOptions object

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
_source boolean | object

Defines how to fetch a source. Fetching can be disabled entirely, or the source can be filtered.
One of:
SourceConfig boolean SourceFilter object
Hide attributes Show attributes

excludes string | array[string]

includes string | array[string]
fields array[object]

Array of wildcard (*) patterns. The request returns values for field names matching these patterns in the hits.fields property of the response.
Hide fields attributes Show fields attributes object
- field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
- format string
  
  The format in which the values are returned.
- include_unmapped boolean
terminate_after number

Maximum number of documents to collect for each shard. If a query reaches this limit, Elasticsearch terminates the query early. Elasticsearch collects documents before sorting. Defaults to 0, which does not terminate query execution early.
stats array[string]

Stats groups to associate with the search. Each group maintains a statistics aggregation for its associated searches. You can retrieve these stats using the indices stats API.
timeout string

Specifies the period of time to wait for a response from each shard. If no response is received before the timeout expires, the request fails and returns an error. Defaults to no timeout.
track_scores boolean

If true, calculate and return document scores, even if the scores are not used for sorting.
track_total_hits boolean | number

Number of hits matching the query to count accurately. If true, the exact number of hits is returned at the cost of some performance. If false, the response does not include the total number of hits matching the query. Defaults to 10,000 hits.
version boolean

If true, returns document version as part of a hit.
runtime_mappings object
Hide runtime_mappings attribute Show runtime_mappings attribute object
- * object Additional properties
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  fetch_fields array[object]
  
  For type lookup
  
  Hide fetch_fields attributes Show fetch_fields attributes object
  
  field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  format string
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_index string
  
  script object
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
seq_no_primary_term boolean

If true, returns sequence number and primary term of the last modification of each hit. See Optimistic concurrency control.
pit object
Hide pit attributes Show pit attributes object
- id string Required
- keep_alive string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
suggest object
Hide suggest attribute Show suggest attribute object
- text string
  
  Global suggest text, to avoid repetition when the same text is used in several suggesters

Responses

200 application/json
Hide response attribute Show response attribute object
- docs array[object] Required
  
  One of:
  MultiSearchItem object ErrorResponseBase object
  
  Hide attributes Show attributes
  
  took number Required
  
  The number of milliseconds it took Elasticsearch to run the request. This value is calculated by measuring the time elapsed between receipt of a request on the coordinating node and the time at which the coordinating node is ready to send the response. It includes:
  
  Communication time between the coordinating node and data nodes
  
  Time the request spends in the search thread pool, queued for execution
  
  Actual run time
  
  It does not include:
  
  Time needed to send the request to Elasticsearch
  
  Time needed to serialize the JSON response
  
  Time needed to send the response to a client
  
  timed_out boolean Required
  
  If true, the request timed out before completion; returned results may be partial or empty.
  
  _shards object Required
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  successful number Required
  
  total number Required
  
  failures array[object]
  
  skipped number
  
  hits object Required
  
  Hide hits attributes Show hits attributes object
  
  total
  
  hits array[object] Required
  
  max_score
  
  aggregations object
  
  _clusters object
  
  Hide _clusters attributes Show _clusters attributes object
  
  skipped number Required
  
  successful number Required
  
  total number Required
  
  running number Required
  
  partial number Required
  
  failed number Required
  
  details object
  
  fields object
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  max_score number
  
  num_reduce_phases number
  
  profile object
  
  Hide profile attribute Show profile attribute object
  
  shards array[object] Required
  
  pit_id string
  
  _scroll_id string
  
  suggest object
  
  Hide suggest attribute Show suggest attribute object
  
  * array[object] Additional properties
  
  terminated_early boolean
  
  status number
  
  Hide attributes Show attributes
  
  error object Required
  
  Hide error attributes Show error attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  status number Required

POST /_fleet/_fleet_msearch

curl \
 --request POST 'http://api.example.com/_fleet/_fleet_msearch' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '[{"allow_no_indices":true,"expand_wildcards":"string","ignore_unavailable":true,"index":"string","preference":"string","request_cache":true,"routing":"string","search_type":"query_then_fetch","ccs_minimize_roundtrips":true,"allow_partial_search_results":true,"ignore_throttled":true}]'

Get tokens from text analysis

GET /{index}/_analyze

Api key auth Basic auth Bearer auth

The analyze API performs analysis on a text string and returns the resulting tokens.

Generating excessive amount of tokens may cause a node to run out of memory. The index.analyze.max_token_count setting enables you to limit the number of tokens that can be produced. If more than this limit of tokens gets generated, an error occurs. The _analyze endpoint without a specified index will always use 10000 as its limit.

External documentation

Path parameters

index string Required

Index used to derive the analyzer. If specified, the analyzer or field parameter overrides this value. If no index is specified or the index does not have a default analyzer, the analyze API uses the standard analyzer.

Query parameters

index string

Index used to derive the analyzer. If specified, the analyzer or field parameter overrides this value. If no index is specified or the index does not have a default analyzer, the analyze API uses the standard analyzer.

application/json

Body

analyzer string

The name of the analyzer that should be applied to the provided text. This could be a built-in analyzer, or an analyzer that’s been configured in the index.
attributes array[string]

Array of token attributes used to filter the output of the explain parameter.
char_filter array

Array of character filters used to preprocess characters before the tokenizer.

External documentation
explain boolean

If true, the response includes token attributes and additional details.
field string

Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
filter array

Array of token filters used to apply after the tokenizer.

External documentation
normalizer string

Normalizer to use to convert text into a single token.
text string | array[string]

One of:
TextToAnalyze string TextToAnalyze array[string]

Responses

200 application/json
Hide response attributes Show response attributes object
- detail object
  
  Hide detail attributes Show detail attributes object
  
  analyzer object
  
  Hide analyzer attributes Show analyzer attributes object
  
  name string Required
  
  tokens array[object] Required
  
  Hide tokens attributes Show tokens attributes object
  
  bytes string Required
  
  end_offset number Required
  
  keyword boolean
  
  position number Required
  
  positionLength number Required
  
  start_offset number Required
  
  termFrequency number Required
  
  token string Required
  
  type string Required
  
  charfilters array[object]
  
  Hide charfilters attributes Show charfilters attributes object
  
  filtered_text array[string] Required
  
  name string Required
  
  custom_analyzer boolean Required
  
  tokenfilters array[object]
  
  Hide tokenfilters attributes Show tokenfilters attributes object
  
  name string Required
  
  tokens array[object] Required
  
  Hide tokens attributes Show tokens attributes object
  
  bytes string Required
  
  end_offset number Required
  
  keyword boolean
  
  position number Required
  
  positionLength number Required
  
  start_offset number Required
  
  termFrequency number Required
  
  token string Required
  
  type string Required
  
  tokenizer object
  
  Hide tokenizer attributes Show tokenizer attributes object
  
  name string Required
  
  tokens array[object] Required
  
  Hide tokens attributes Show tokens attributes object
  
  bytes string Required
  
  end_offset number Required
  
  keyword boolean
  
  position number Required
  
  positionLength number Required
  
  start_offset number Required
  
  termFrequency number Required
  
  token string Required
  
  type string Required
- tokens array[object]
  
  Hide tokens attributes Show tokens attributes object
  
  end_offset number Required
  
  position number Required
  
  positionLength number
  
  start_offset number Required
  
  token string Required
  
  type string Required

GET /{index}/_analyze

curl \
 --request GET 'http://api.example.com/{index}/_analyze' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"analyzer\": \"standard\",\n  \"text\": \"this is a test\"\n}"'

Request examples

You can apply any of the built-in analyzers to the text string without specifying an index.

{
  "analyzer": "standard",
  "text": "this is a test"
}

If the text parameter is provided as array of strings, it is analyzed as a multi-value field.

{
  "analyzer": "standard",
  "text": [
    "this is a test",
    "the second text"
  ]
}

You can test a custom transient analyzer built from tokenizers, token filters, and char filters. Token filters use the filter parameter.

{
  "tokenizer": "keyword",
  "filter": [
    "lowercase"
  ],
  "char_filter": [
    "html_strip"
  ],
  "text": "this is a <b>test</b>"
}

Custom tokenizers, token filters, and character filters can be specified in the request body.

{
  "tokenizer": "whitespace",
  "filter": [
    "lowercase",
    {
      "type": "stop",
      "stopwords": [
        "a",
        "is",
        "this"
      ]
    }
  ],
  "text": "this is a test"
}

Run `GET /analyze_sample/_analyze` to run an analysis on the text using the default index analyzer associated with the `analyze_sample` index. Alternatively, the analyzer can be derived based on a field mapping.

{
  "field": "obj1.field1",
  "text": "this is a test"
}

Run `GET /analyze_sample/_analyze` and supply a normalizer for a keyword field if there is a normalizer associated with the specified index.

{
  "normalizer": "my_normalizer",
  "text": "BaR"
}

If you want to get more advanced details, set `explain` to `true`. It will output all token attributes for each token. You can filter token attributes you want to output by setting the `attributes` option. NOTE: The format of the additional detail information is labelled as experimental in Lucene and it may change in the future.

{
  "tokenizer": "standard",
  "filter": [
    "snowball"
  ],
  "text": "detailed output",
  "explain": true,
  "attributes": [
    "keyword"
  ]
}

Response examples (200)

A successful response for an analysis with `explain` set to `true`.

{
  "detail": {
    "custom_analyzer": true,
    "charfilters": [],
    "tokenizer": {
      "name": "standard",
      "tokens": [
        {
          "token": "detailed",
          "start_offset": 0,
          "end_offset": 8,
          "type": "<ALPHANUM>",
          "position": 0
        },
        {
          "token": "output",
          "start_offset": 9,
          "end_offset": 15,
          "type": "<ALPHANUM>",
          "position": 1
        }
      ]
    },
    "tokenfilters": [
      {
        "name": "snowball",
        "tokens": [
          {
            "token": "detail",
            "start_offset": 0,
            "end_offset": 8,
            "type": "<ALPHANUM>",
            "position": 0,
            "keyword": false
          },
          {
            "token": "output",
            "start_offset": 9,
            "end_offset": 15,
            "type": "<ALPHANUM>",
            "position": 1,
            "keyword": false
          }
        ]
      }
    ]
  }
}

Clear the cache

POST /{index}/_cache/clear

Api key auth Basic auth Bearer auth

Clear the cache of one or more indices. For data streams, the API clears the caches of the stream's backing indices.

By default, the clear cache API clears all caches. To clear only specific caches, use the fielddata, query, or request parameters. To clear the cache only of specific fields, use the fields parameter.

Path parameters

index string | array[string] Required

Comma-separated list of data streams, indices, and aliases used to limit the request. Supports wildcards (*). To target all data streams and indices, omit this parameter or use * or _all.

Query parameters

index string | array[string]

Comma-separated list of data streams, indices, and aliases used to limit the request. Supports wildcards (*). To target all data streams and indices, omit this parameter or use * or _all.
allow_no_indices boolean

If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices.
expand_wildcards string | array[string]
Type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values, such as open,hidden. Valid values are: all, open, closed, hidden, none.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
fielddata boolean

If true, clears the fields cache. Use the fields parameter to clear the cache of specific fields only.
fields string | array[string]

Comma-separated list of field names used to limit the fielddata parameter.
ignore_unavailable boolean

If false, the request returns an error if it targets a missing or closed index.
query boolean

If true, clears the query cache.
request boolean

If true, clears the request cache.

Responses

200 application/json
Hide response attribute Show response attribute object
- _shards object
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  successful number Required
  
  total number Required
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  Hide reason attributes Show reason attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  shard number Required
  
  status string
  
  skipped number

POST /{index}/_cache/clear

curl \
 --request POST 'http://api.example.com/{index}/_cache/clear' \
 --header "Authorization: $API_KEY"

Create an index

PUT /{index}

Api key auth Basic auth Bearer auth

You can use the create index API to add a new index to an Elasticsearch cluster. When creating an index, you can specify the following:

Settings for the index.
Mappings for fields in the index.
Index aliases

Wait for active shards

By default, index creation will only return a response to the client when the primary copies of each shard have been started, or the request times out. The index creation response will indicate what happened. For example, acknowledged indicates whether the index was successfully created in the cluster, while shards_acknowledged indicates whether the requisite number of shard copies were started for each shard in the index before timing out. Note that it is still possible for either acknowledged or shards_acknowledged to be false, but for the index creation to be successful. These values simply indicate whether the operation completed before the timeout. If acknowledged is false, the request timed out before the cluster state was updated with the newly created index, but it probably will be created sometime soon. If shards_acknowledged is false, then the request timed out before the requisite number of shards were started (by default just the primaries), even if the cluster state was successfully updated to reflect the newly created index (that is to say, acknowledged is true).

You can change the default of only waiting for the primary shards to start through the index setting index.write.wait_for_active_shards. Note that changing this setting will also affect the wait_for_active_shards value on all subsequent write operations.

Path parameters

index string Required

Name of the index you wish to create.

Query parameters

master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
wait_for_active_shards number | string

The number of shard copies that must be active before proceeding with the operation. Set to all or any positive integer up to the total number of shards in the index (number_of_replicas+1).

application/json

Body

aliases object

Aliases for the index.
Hide aliases attribute Show aliases attribute object
- * object Additional properties
  Hide * attributes Show * attributes object
  
  filter object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  index_routing string
  
  is_hidden boolean
  
  If true, the alias is hidden. All indices for the alias must have the same is_hidden value.
  
  is_write_index boolean
  
  If true, the index is the write index for the alias.
  
  routing string
  
  search_routing string
mappings object
Hide mappings attributes Show mappings attributes object
- all_field object
  Hide all_field attributes Show all_field attributes object
  
  analyzer string Required
  
  enabled boolean Required
  
  omit_norms boolean Required
  
  search_analyzer string Required
  
  similarity string Required
  
  store boolean Required
  
  store_term_vector_offsets boolean Required
  
  store_term_vector_payloads boolean Required
  
  store_term_vector_positions boolean Required
  
  store_term_vectors boolean Required
- date_detection boolean
- dynamic string
  
  Values are strict, runtime, true, or false.
- dynamic_date_formats array[string]
- dynamic_templates array[object]
- _field_names object
  Hide _field_names attribute Show _field_names attribute object
  
  enabled boolean Required
- index_field object
  Hide index_field attribute Show index_field attribute object
  
  enabled boolean Required
- _meta object
  Hide _meta attribute Show _meta attribute object
  
  * object Additional properties
- numeric_detection boolean
- properties object
- _routing object
  Hide _routing attribute Show _routing attribute object
  
  required boolean Required
- _size object
  Hide _size attribute Show _size attribute object
  
  enabled boolean Required
- _source object
  Hide _source attributes Show _source attributes object
  
  compress boolean
  
  compress_threshold string
  
  enabled boolean
  
  excludes array[string]
  
  includes array[string]
  
  mode string
  
  Values are disabled, stored, or synthetic.
- runtime object
  Hide runtime attribute Show runtime attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  fetch_fields array[object]
  
  For type lookup
  
  Hide fetch_fields attributes Show fetch_fields attributes object
  
  field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  format string
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_index string
  
  script object
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
- enabled boolean
- subobjects string
  
  Values are true or false.
- _data_stream_timestamp object
  Hide _data_stream_timestamp attribute Show _data_stream_timestamp attribute object
  
  enabled boolean Required
settings object
Hide settings attributes Show settings attributes object
- index object
- mode string
- routing_path string | array[string]
  
  One of:
  string-1 string array-2 array[string]
- soft_deletes object
  Hide soft_deletes attributes Show soft_deletes attributes object
  
  enabled boolean
  
  Indicates whether soft deletes are enabled on the index.
  
  retention_lease object
  
  Hide retention_lease attribute Show retention_lease attribute object
  
  period string Required
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- sort object
  Hide sort attributes Show sort attributes object
  
  field string | array[string]
  
  order string | array[string]
  
  Supported values include: asc (or ASC), desc (or DESC)
  
  One of:
  SegmentSortOrder string array-2 array[string]
  
  Values are asc, ASC, desc, or DESC.
  
  mode string | array[string]
  
  Supported values include: min (or MIN), max (or MAX)
  
  One of:
  SegmentSortMode string array-2 array[string]
  
  Values are min, MIN, max, or MAX.
  
  missing string | array[string]
  
  Supported values include: _last, _first
  
  One of:
  SegmentSortMissing string array-2 array[string]
  
  Values are _last or _first.
- number_of_shards number | string
  
  One of:
  number-1 number string-2 string
- number_of_replicas number | string
  
  One of:
  number-1 number string-2 string
- number_of_routing_shards number
- check_on_startup string
  
  Values are true, false, or checksum.
- codec string
- routing_partition_size number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
- load_fixed_bitset_filters_eagerly boolean
- hidden boolean | string
  
  One of:
  boolean-1 boolean string-2 string
- auto_expand_replicas string | null
  
  One of:
  string-1 string NullValue string | null
- merge object
  Hide merge attribute Show merge attribute object
  
  scheduler object
  
  Hide scheduler attributes Show scheduler attributes object
  
  max_thread_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
  
  max_merge_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
- search object
  Hide search attributes Show search attributes object
  
  idle object
  
  Hide idle attribute Show idle attribute object
  
  after string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  slowlog object
  
  Hide slowlog attributes Show slowlog attributes object
  
  level string
  
  source number
  
  reformat boolean
  
  threshold object
  
  Hide threshold attributes Show threshold attributes object
  
  query object
  
  Hide query attributes Show query attributes object
  
  warn string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  info string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  debug string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  trace string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  fetch object
  
  Hide fetch attributes Show fetch attributes object
  
  warn string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  info string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  debug string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  trace string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- refresh_interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- max_result_window number
- max_inner_result_window number
- max_rescore_window number
- max_docvalue_fields_search number
- max_script_fields number
- max_ngram_diff number
- max_shingle_diff number
- blocks object
  Hide blocks attributes Show blocks attributes object
  
  read_only boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  read_only_allow_delete boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  read boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  write boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  metadata boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
- max_refresh_listeners number
- analyze object
  Hide analyze attribute Show analyze attribute object
  
  max_token_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
- highlight object
  Hide highlight attribute Show highlight attribute object
  
  max_analyzed_offset number
- max_terms_count number
- max_regex_length number
- routing object
  Hide routing attributes Show routing attributes object
  
  allocation object
  
  Hide allocation attributes Show allocation attributes object
  
  enable string
  
  Values are all, primaries, new_primaries, or none.
  
  include object
  
  Hide include attributes Show include attributes object
  
  _tier_preference string
  
  _id string
  
  initial_recovery object
  
  Hide initial_recovery attribute Show initial_recovery attribute object
  
  _id string
  
  disk object
  
  Hide disk attribute Show disk attribute object
  
  threshold_enabled boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  rebalance object
  
  Hide rebalance attribute Show rebalance attribute object
  
  enable string Required
  
  Values are all, primaries, replicas, or none.
- gc_deletes string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- default_pipeline string
- final_pipeline string
- lifecycle object
  Hide lifecycle attributes Show lifecycle attributes object
  
  name string
  
  indexing_complete boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
  
  origination_date number
  
  If specified, this is the timestamp used to calculate the index age for its phase transitions. Use this setting if you create a new index that contains old data and want to use the original creation date to calculate the index age. Specified as a Unix epoch value in milliseconds.
  
  parse_origination_date boolean
  
  Set to true to parse the origination date from the index name. This origination date is used to calculate the index age for its phase transitions. The index name must match the pattern ^{.*-{date_format}-\d+,} where the date_format is yyyy.MM.dd and the trailing digits are optional. An index that was rolled over would normally match the full format, for example logs-2016.10.31-000002). If the index name doesn’t match the pattern, index creation fails.
  
  step object
  
  Hide step attribute Show step attribute object
  
  wait_time_threshold string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  rollover_alias string
  
  The index alias to update when the index rolls over. Specify when using a policy that contains a rollover action. When the index rolls over, the alias is updated to reflect that the index is no longer the write index. For more information about rolling indices, see Rollover.
  
  prefer_ilm boolean | string
  
  Preference for the system that manages a data stream backing index (preferring ILM when both ILM and DLM are applicable for an index).
  
  One of:
  boolean-1 boolean string-2 string
- provided_name string
- creation_date number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  UnitMillis number StringifiedEpochTimeUnitMillis string
  
  Time unit for milliseconds
- creation_date_string string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
- uuid string
- version object
  Hide version attributes Show version attributes object
  
  created string
  
  created_string string
- verified_before_close boolean | string
  
  One of:
  boolean-1 boolean string-2 string
- format string | number
  
  One of:
  string-1 string number-2 number
- max_slices_per_scroll number
- translog object
  Hide translog attributes Show translog attributes object
  
  sync_interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  durability string
  
  Values are request, REQUEST, async, or ASYNC.
  
  flush_threshold_size number | string
  
  One of:
  ByteSize number ByteSize string
  
  retention object
  
  Hide retention attributes Show retention attributes object
  
  size number | string
  
  One of:
  ByteSize number ByteSize string
  
  age string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- query_string object
  Hide query_string attribute Show query_string attribute object
  
  lenient boolean | string Required
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
- priority number | string
  
  One of:
  number-1 number string-2 string
- top_metrics_max_size number
- analysis object
  Hide analysis attributes Show analysis attributes object
  
  analyzer object
  
  char_filter object
  
  filter object
  
  normalizer object
  
  tokenizer object
- settings object
- time_series object
  Hide time_series attributes Show time_series attributes object
  
  end_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  start_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
- queries object
  Hide queries attribute Show queries attribute object
  
  cache object
  
  Hide cache attribute Show cache attribute object
  
  enabled boolean Required
- similarity object
  
  Configure custom similarity settings to customize how search results are scored.
- mapping object
  Hide mapping attributes Show mapping attributes object
  
  coerce boolean
  
  total_fields object
  
  Hide total_fields attributes Show total_fields attributes object
  
  limit number | string
  
  The maximum number of fields in an index. Field and object mappings, as well as field aliases count towards this limit. The limit is in place to prevent mappings and searches from becoming too large. Higher values can lead to performance degradations and memory issues, especially in clusters with a high load or few resources.
  
  One of:
  number-1 number string-2 string
  
  ignore_dynamic_beyond_limit boolean | string
  
  This setting determines what happens when a dynamically mapped field would exceed the total fields limit. When set to false (the default), the index request of the document that tries to add a dynamic field to the mapping will fail with the message Limit of total fields [X] has been exceeded. When set to true, the index request will not fail. Instead, fields that would exceed the limit are not added to the mapping, similar to dynamic: false. The fields that were not added to the mapping will be added to the _ignored field.
  
  One of:
  boolean-1 boolean string-2 string
  
  depth object
  
  Hide depth attribute Show depth attribute object
  
  limit number
  
  The maximum depth for a field, which is measured as the number of inner objects. For instance, if all fields are defined at the root object level, then the depth is 1. If there is one object mapping, then the depth is 2, etc.
  
  nested_fields object
  
  Hide nested_fields attribute Show nested_fields attribute object
  
  limit number
  
  The maximum number of distinct nested mappings in an index. The nested type should only be used in special cases, when arrays of objects need to be queried independently of each other. To safeguard against poorly designed mappings, this setting limits the number of unique nested types per index.
  
  nested_objects object
  
  Hide nested_objects attribute Show nested_objects attribute object
  
  limit number
  
  The maximum number of nested JSON objects that a single document can contain across all nested types. This limit helps to prevent out of memory errors when a document contains too many nested objects.
  
  field_name_length object
  
  Hide field_name_length attribute Show field_name_length attribute object
  
  limit number
  
  Setting for the maximum length of a field name. This setting isn’t really something that addresses mappings explosion but might still be useful if you want to limit the field length. It usually shouldn’t be necessary to set this setting. The default is okay unless a user starts to add a huge number of fields with really long names. Default is Long.MAX_VALUE (no limit).
  
  dimension_fields object
  
  Hide dimension_fields attribute Show dimension_fields attribute object
  
  limit number
  
  [preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
  
  source object
  
  Hide source attribute Show source attribute object
  
  mode string Required
  
  Values are disabled, stored, or synthetic.
  
  ignore_malformed boolean | string
  
  One of:
  boolean-1 boolean string-2 string
- indexing.slowlog object
  Hide indexing.slowlog attributes Show indexing.slowlog attributes object
  
  level string
  
  source number
  
  reformat boolean
  
  threshold object
  
  Hide threshold attribute Show threshold attribute object
  
  index object
  
  Hide index attributes Show index attributes object
  
  warn string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  info string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  debug string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  trace string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- indexing_pressure object
  Hide indexing_pressure attribute Show indexing_pressure attribute object
  
  memory object Required
  
  Hide memory attribute Show memory attribute object
  
  limit number
  
  Number of outstanding bytes that may be consumed by indexing requests. When this limit is reached or exceeded, the node will reject new coordinating and primary operations. When replica operations consume 1.5x this limit, the node will reject new replica operations. Defaults to 10% of the heap.
- store object
  Hide store attributes Show store attributes object
  
  type string Required
  
  Any of:
  StorageType string StorageType string
  
  Values are fs, niofs, mmapfs, or hybridfs.
  
  allow_mmap boolean
  
  You can restrict the use of the mmapfs and the related hybridfs store type via the setting node.store.allow_mmap. This is a boolean setting indicating whether or not memory-mapping is allowed. The default is to allow it. This setting is useful, for example, if you are in an environment where you can not control the ability to create a lot of memory maps so you need disable the ability to use memory-mapping.

Responses

200 application/json
Hide response attributes Show response attributes object
- index string Required
- shards_acknowledged boolean Required
- acknowledged boolean Required

PUT /{index}

curl \
 --request PUT 'http://api.example.com/{index}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"settings\": {\n    \"number_of_shards\": 3,\n    \"number_of_replicas\": 2\n  }\n}"'

Request examples

This request specifies the `number_of_shards` and `number_of_replicas`.

{
  "settings": {
    "number_of_shards": 3,
    "number_of_replicas": 2
  }
}

You can provide mapping definitions in the create index API requests.

{
  "settings": {
    "number_of_shards": 1
  },
  "mappings": {
    "properties": {
      "field1": { "type": "text" }
    }
  }
}

You can provide mapping definitions in the create index API requests. Index alias names also support date math.

{
  "aliases": {
    "alias_1": {},
    "alias_2": {
      "filter": {
        "term": {
          "user.id": "kimchy"
        }
      },
      "routing": "shard-1"
    }
  }
}

Delete indices

DELETE /{index}

Api key auth Basic auth Bearer auth

Deleting an index deletes its documents, shards, and metadata. It does not delete related Kibana components, such as data views, visualizations, or dashboards.

You cannot delete the current write index of a data stream. To delete the index, you must roll over the data stream so a new write index is created. You can then use the delete index API to delete the previous write index.

Path parameters

index string | array[string] Required

Comma-separated list of indices to delete. You cannot specify index aliases. By default, this parameter does not support wildcards (*) or _all. To use wildcards or _all, set the action.destructive_requires_name cluster setting to false.

Query parameters

allow_no_indices boolean

If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices.
expand_wildcards string | array[string]
Type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values, such as open,hidden. Valid values are: all, open, closed, hidden, none.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
ignore_unavailable boolean

If false, the request returns an error if it targets a missing or closed index.
master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

Responses

200 application/json
Hide response attributes Show response attributes object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.
- _shards object
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  successful number Required
  
  total number Required
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  Hide reason attributes Show reason attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  shard number Required
  
  status string
  
  skipped number

DELETE /{index}

curl \
 --request DELETE 'http://api.example.com/{index}' \
 --header "Authorization: $API_KEY"

Get aliases

GET /{index}/_alias/{name}

Api key auth Basic auth Bearer auth

Retrieves information for one or more data stream or index aliases.

Path parameters

index string | array[string] Required

Comma-separated list of data streams or indices used to limit the request. Supports wildcards (*). To target all data streams and indices, omit this parameter or use * or _all.
name string | array[string] Required

Comma-separated list of aliases to retrieve. Supports wildcards (*). To retrieve all aliases, omit this parameter or use * or _all.

Query parameters

allow_no_indices boolean

If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices.
expand_wildcards string | array[string]
Type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values, such as open,hidden. Valid values are: all, open, closed, hidden, none.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
ignore_unavailable boolean

If false, the request returns an error if it targets a missing or closed index.
local boolean Deprecated

If true, the request retrieves information from the local node only.

Responses

200 application/json
Hide response attribute Show response attribute object
- * object Additional properties
  
  Hide * attribute Show * attribute object
  
  aliases object Required
  
  Hide aliases attribute Show aliases attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  filter object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  index_routing string
  
  Value used to route indexing operations to a specific shard. If specified, this overwrites the routing value for indexing operations.
  
  is_write_index boolean
  
  If true, the index is the write index for the alias.
  
  routing string
  
  Value used to route indexing and search operations to a specific shard.
  
  search_routing string
  
  Value used to route search operations to a specific shard. If specified, this overwrites the routing value for search operations.
  
  is_hidden boolean
  
  If true, the alias is hidden. All indices for the alias must have the same is_hidden value.

GET /{index}/_alias/{name}

curl \
 --request GET 'http://api.example.com/{index}/_alias/{name}' \
 --header "Authorization: $API_KEY"

Check aliases

HEAD /{index}/_alias/{name}

Api key auth Basic auth Bearer auth

Check if one or more data stream or index aliases exist.

Path parameters

index string | array[string] Required

Comma-separated list of data streams or indices used to limit the request. Supports wildcards (*). To target all data streams and indices, omit this parameter or use * or _all.
name string | array[string] Required

Comma-separated list of aliases to check. Supports wildcards (*).

Query parameters

allow_no_indices boolean

If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices.
expand_wildcards string | array[string]
Type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values, such as open,hidden. Valid values are: all, open, closed, hidden, none.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
ignore_unavailable boolean

If false, requests that include a missing data stream or index in the target indices or data streams return an error.
local boolean Deprecated

If true, the request retrieves information from the local node only.

Responses

200 application/json

HEAD /{index}/_alias/{name}

curl \
 --request HEAD 'http://api.example.com/{index}/_alias/{name}' \
 --header "Authorization: $API_KEY"

Delete an alias

DELETE /{index}/_aliases/{name}

Api key auth Basic auth Bearer auth

Removes a data stream or index from an alias.

Path parameters

index string | array[string] Required

Comma-separated list of data streams or indices used to limit the request. Supports wildcards (*).
name string | array[string] Required

Comma-separated list of aliases to remove. Supports wildcards (*). To remove all aliases, use * or _all.

Query parameters

master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

DELETE /{index}/_aliases/{name}

curl \
 --request DELETE 'http://api.example.com/{index}/_aliases/{name}' \
 --header "Authorization: $API_KEY"

Force a merge Added in 2.1.0

POST /_forcemerge

Api key auth Basic auth Bearer auth

Perform the force merge operation on the shards of one or more indices. For data streams, the API forces a merge on the shards of the stream's backing indices.

Merging reduces the number of segments in each shard by merging some of them together and also frees up the space used by deleted documents. Merging normally happens automatically, but sometimes it is useful to trigger a merge manually.

WARNING: We recommend force merging only a read-only index (meaning the index is no longer receiving writes). When documents are updated or deleted, the old version is not immediately removed but instead soft-deleted and marked with a "tombstone". These soft-deleted documents are automatically cleaned up during regular segment merges. But force merge can cause very large (greater than 5 GB) segments to be produced, which are not eligible for regular merges. So the number of soft-deleted documents can then grow rapidly, resulting in higher disk usage and worse search performance. If you regularly force merge an index receiving writes, this can also make snapshots more expensive, since the new documents can't be backed up incrementally.

Blocks during a force merge

Calls to this API block until the merge is complete (unless request contains wait_for_completion=false). If the client connection is lost before completion then the force merge process will continue in the background. Any new requests to force merge the same indices will also block until the ongoing force merge is complete.

Running force merge asynchronously

If the request contains wait_for_completion=false, Elasticsearch performs some preflight checks, launches the request, and returns a task you can use to get the status of the task. However, you can not cancel this task as the force merge task is not cancelable. Elasticsearch creates a record of this task as a document at _tasks/<task_id>. When you are done with a task, you should delete the task document so Elasticsearch can reclaim the space.

Force merging multiple indices

You can force merge multiple indices with a single request by targeting:

One or more data streams that contain multiple backing indices
Multiple indices
One or more aliases
All data streams and indices in a cluster

Each targeted shard is force-merged separately using the force_merge threadpool. By default each node only has a single force_merge thread which means that the shards on that node are force-merged one at a time. If you expand the force_merge threadpool on a node then it will force merge its shards in parallel

Force merge makes the storage for the shard being merged temporarily increase, as it may require free space up to triple its size in case max_num_segments parameter is set to 1, to rewrite all segments into a new one.

Data streams and time-based indices

Force-merging is useful for managing a data stream's older backing indices and other time-based indices, particularly after a rollover. In these cases, each index only receives indexing traffic for a certain period of time. Once an index receive no more writes, its shards can be force-merged to a single segment. This can be a good idea because single-segment shards can sometimes use simpler and more efficient data structures to perform searches. For example:

POST /.ds-my-data-stream-2099.03.07-000001/_forcemerge?max_num_segments=1

External documentation

Query parameters

allow_no_indices boolean

Whether to ignore if a wildcard indices expression resolves into no concrete indices. (This includes _all string or when no indices have been specified)
expand_wildcards string | array[string]
Whether to expand wildcard expression to concrete indices that are open, closed or both.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
flush boolean

Specify whether the index should be flushed after performing the operation (default: true)
ignore_unavailable boolean

Whether specified concrete indices should be ignored when unavailable (missing or closed)
max_num_segments number

The number of segments the index should be merged into (default: dynamic)
only_expunge_deletes boolean

Specify whether the operation should only expunge deleted documents
wait_for_completion boolean

Should the request wait until the force merge is completed.

Responses

200 application/json
Hide response attributes Show response attributes object
- _shards object
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  successful number Required
  
  total number Required
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  Hide reason attributes Show reason attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  shard number Required
  
  status string
  
  skipped number
- task string
  
  task contains a task id returned when wait_for_completion=false, you can use the task_id to get the status of the task at _tasks/

POST /_forcemerge

curl \
 --request POST 'http://api.example.com/_forcemerge' \
 --header "Authorization: $API_KEY"

Update index settings

PUT /_settings

Api key auth Basic auth Bearer auth

Changes dynamic index settings in real time. For data streams, index setting changes are applied to all backing indices by default.

To revert a setting to the default value, use a null value. The list of per-index settings that can be updated dynamically on live indices can be found in index module documentation. To preserve existing settings from being updated, set the preserve_existing parameter to true.

NOTE: You can only define new analyzers on closed indices. To add an analyzer, you must close the index, define the analyzer, and reopen the index. You cannot close the write index of a data stream. To update the analyzer for a data stream's write index and future backing indices, update the analyzer in the index template used by the stream. Then roll over the data stream to apply the new analyzer to the stream's write index and future backing indices. This affects searches and any new data added to the stream after the rollover. However, it does not affect the data stream's backing indices or their existing data. To change the analyzer for existing backing indices, you must create a new data stream and reindex your data into it.

External documentation

Query parameters

allow_no_indices boolean

If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
expand_wildcards string | array[string]
Type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values, such as open,hidden.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
flat_settings boolean

If true, returns settings in flat format.
ignore_unavailable boolean

If true, returns settings in flat format.
master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
preserve_existing boolean

If true, existing index settings remain unchanged.
reopen boolean

Whether to close and reopen the index to apply non-dynamic settings. If set to true the indices to which the settings are being applied will be closed temporarily and then reopened in order to apply the changes.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

application/json

Body Required

index object
mode string
routing_path string | array[string]

One of:
string-1 string array-2 array[string]
soft_deletes object
Hide soft_deletes attributes Show soft_deletes attributes object
- enabled boolean
  
  Indicates whether soft deletes are enabled on the index.
- retention_lease object
  Hide retention_lease attribute Show retention_lease attribute object
  
  period string Required
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
sort object
Hide sort attributes Show sort attributes object
- field string | array[string]
- order string | array[string]
  
  Supported values include: asc (or ASC), desc (or DESC)
  
  One of:
  SegmentSortOrder string array-2 array[string]
  
  Values are asc, ASC, desc, or DESC.
- mode string | array[string]
  
  Supported values include: min (or MIN), max (or MAX)
  
  One of:
  SegmentSortMode string array-2 array[string]
  
  Values are min, MIN, max, or MAX.
- missing string | array[string]
  
  Supported values include: _last, _first
  
  One of:
  SegmentSortMissing string array-2 array[string]
  
  Values are _last or _first.
number_of_shards number | string

One of:
number-1 number string-2 string
number_of_replicas number | string

One of:
number-1 number string-2 string
number_of_routing_shards number
check_on_startup string

Values are true, false, or checksum.
codec string
routing_partition_size number | string

Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.

Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.

One of:
Stringifiedinteger number Stringifiedinteger string
load_fixed_bitset_filters_eagerly boolean
hidden boolean | string

One of:
boolean-1 boolean string-2 string
auto_expand_replicas string | null

One of:
string-1 string NullValue string | null
merge object
Hide merge attribute Show merge attribute object
- scheduler object
  Hide scheduler attributes Show scheduler attributes object
  
  max_thread_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
  
  max_merge_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
search object
Hide search attributes Show search attributes object
- idle object
  Hide idle attribute Show idle attribute object
  
  after string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- slowlog object
  Hide slowlog attributes Show slowlog attributes object
  
  level string
  
  source number
  
  reformat boolean
  
  threshold object
  
  Hide threshold attributes Show threshold attributes object
  
  query object
  
  Hide query attributes Show query attributes object
  
  warn string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  info string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  debug string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  trace string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  fetch object
  
  Hide fetch attributes Show fetch attributes object
  
  warn string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  info string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  debug string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  trace string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
refresh_interval string

A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
max_result_window number
max_inner_result_window number
max_rescore_window number
max_docvalue_fields_search number
max_script_fields number
max_ngram_diff number
max_shingle_diff number
blocks object
Hide blocks attributes Show blocks attributes object
- read_only boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
- read_only_allow_delete boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
- read boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
- write boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
- metadata boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
max_refresh_listeners number
analyze object
Hide analyze attribute Show analyze attribute object
- max_token_count number | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedinteger number Stringifiedinteger string
highlight object
Hide highlight attribute Show highlight attribute object
- max_analyzed_offset number
max_terms_count number
max_regex_length number
routing object
Hide routing attributes Show routing attributes object
- allocation object
  Hide allocation attributes Show allocation attributes object
  
  enable string
  
  Values are all, primaries, new_primaries, or none.
  
  include object
  
  Hide include attributes Show include attributes object
  
  _tier_preference string
  
  _id string
  
  initial_recovery object
  
  Hide initial_recovery attribute Show initial_recovery attribute object
  
  _id string
  
  disk object
  
  Hide disk attribute Show disk attribute object
  
  threshold_enabled boolean | string
  
  One of:
  boolean-1 boolean string-2 string
- rebalance object
  Hide rebalance attribute Show rebalance attribute object
  
  enable string Required
  
  Values are all, primaries, replicas, or none.
gc_deletes string

A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
default_pipeline string
final_pipeline string
lifecycle object
Hide lifecycle attributes Show lifecycle attributes object
- name string
- indexing_complete boolean | string
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
- origination_date number
  
  If specified, this is the timestamp used to calculate the index age for its phase transitions. Use this setting if you create a new index that contains old data and want to use the original creation date to calculate the index age. Specified as a Unix epoch value in milliseconds.
- parse_origination_date boolean
  
  Set to true to parse the origination date from the index name. This origination date is used to calculate the index age for its phase transitions. The index name must match the pattern ^{.*-{date_format}-\d+,} where the date_format is yyyy.MM.dd and the trailing digits are optional. An index that was rolled over would normally match the full format, for example logs-2016.10.31-000002). If the index name doesn’t match the pattern, index creation fails.
- step object
  Hide step attribute Show step attribute object
  
  wait_time_threshold string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- rollover_alias string
  
  The index alias to update when the index rolls over. Specify when using a policy that contains a rollover action. When the index rolls over, the alias is updated to reflect that the index is no longer the write index. For more information about rolling indices, see Rollover.
- prefer_ilm boolean | string
  
  Preference for the system that manages a data stream backing index (preferring ILM when both ILM and DLM are applicable for an index).
  
  One of:
  boolean-1 boolean string-2 string
provided_name string
creation_date number | string

Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.

Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.

One of:
UnitMillis number StringifiedEpochTimeUnitMillis string

Time unit for milliseconds
creation_date_string string | number

A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

One of:
DateTime string UnitMillis number
uuid string
version object
Hide version attributes Show version attributes object
- created string
- created_string string
verified_before_close boolean | string

One of:
boolean-1 boolean string-2 string
format string | number

One of:
string-1 string number-2 number
max_slices_per_scroll number
translog object
Hide translog attributes Show translog attributes object
- sync_interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- durability string
  
  Values are request, REQUEST, async, or ASYNC.
- flush_threshold_size number | string
  
  One of:
  ByteSize number ByteSize string
- retention object
  Hide retention attributes Show retention attributes object
  
  size number | string
  
  One of:
  ByteSize number ByteSize string
  
  age string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
query_string object
Hide query_string attribute Show query_string attribute object
- lenient boolean | string Required
  
  Some APIs will return values such as numbers also as a string (notably epoch timestamps). This behavior is used to capture this behavior while keeping the semantics of the field type.
  
  Depending on the target language, code generators can keep the union or remove it and leniently parse strings to the target type.
  
  One of:
  Stringifiedboolean boolean Stringifiedboolean string
priority number | string

One of:
number-1 number string-2 string
top_metrics_max_size number
analysis object
Hide analysis attributes Show analysis attributes object
- analyzer object
- char_filter object
- filter object
- normalizer object
- tokenizer object
settings object
time_series object
Hide time_series attributes Show time_series attributes object
- end_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
- start_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
queries object
Hide queries attribute Show queries attribute object
- cache object
  Hide cache attribute Show cache attribute object
  
  enabled boolean Required
similarity object

Configure custom similarity settings to customize how search results are scored.
mapping object
Hide mapping attributes Show mapping attributes object
- coerce boolean
- total_fields object
  Hide total_fields attributes Show total_fields attributes object
  
  limit number | string
  
  The maximum number of fields in an index. Field and object mappings, as well as field aliases count towards this limit. The limit is in place to prevent mappings and searches from becoming too large. Higher values can lead to performance degradations and memory issues, especially in clusters with a high load or few resources.
  
  One of:
  number-1 number string-2 string
  
  ignore_dynamic_beyond_limit boolean | string
  
  This setting determines what happens when a dynamically mapped field would exceed the total fields limit. When set to false (the default), the index request of the document that tries to add a dynamic field to the mapping will fail with the message Limit of total fields [X] has been exceeded. When set to true, the index request will not fail. Instead, fields that would exceed the limit are not added to the mapping, similar to dynamic: false. The fields that were not added to the mapping will be added to the _ignored field.
  
  One of:
  boolean-1 boolean string-2 string
- depth object
  Hide depth attribute Show depth attribute object
  
  limit number
  
  The maximum depth for a field, which is measured as the number of inner objects. For instance, if all fields are defined at the root object level, then the depth is 1. If there is one object mapping, then the depth is 2, etc.
- nested_fields object
  Hide nested_fields attribute Show nested_fields attribute object
  
  limit number
  
  The maximum number of distinct nested mappings in an index. The nested type should only be used in special cases, when arrays of objects need to be queried independently of each other. To safeguard against poorly designed mappings, this setting limits the number of unique nested types per index.
- nested_objects object
  Hide nested_objects attribute Show nested_objects attribute object
  
  limit number
  
  The maximum number of nested JSON objects that a single document can contain across all nested types. This limit helps to prevent out of memory errors when a document contains too many nested objects.
- field_name_length object
  Hide field_name_length attribute Show field_name_length attribute object
  
  limit number
  
  Setting for the maximum length of a field name. This setting isn’t really something that addresses mappings explosion but might still be useful if you want to limit the field length. It usually shouldn’t be necessary to set this setting. The default is okay unless a user starts to add a huge number of fields with really long names. Default is Long.MAX_VALUE (no limit).
- dimension_fields object
  Hide dimension_fields attribute Show dimension_fields attribute object
  
  limit number
  
  [preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
- source object
  Hide source attribute Show source attribute object
  
  mode string Required
  
  Values are disabled, stored, or synthetic.
- ignore_malformed boolean | string
  
  One of:
  boolean-1 boolean string-2 string
indexing.slowlog object
Hide indexing.slowlog attributes Show indexing.slowlog attributes object
- level string
- source number
- reformat boolean
- threshold object
  Hide threshold attribute Show threshold attribute object
  
  index object
  
  Hide index attributes Show index attributes object
  
  warn string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  info string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  debug string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  trace string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
indexing_pressure object
Hide indexing_pressure attribute Show indexing_pressure attribute object
- memory object Required
  Hide memory attribute Show memory attribute object
  
  limit number
  
  Number of outstanding bytes that may be consumed by indexing requests. When this limit is reached or exceeded, the node will reject new coordinating and primary operations. When replica operations consume 1.5x this limit, the node will reject new replica operations. Defaults to 10% of the heap.
store object
Hide store attributes Show store attributes object
- type string Required
  
  Any of:
  StorageType string StorageType string
  
  Values are fs, niofs, mmapfs, or hybridfs.
- allow_mmap boolean
  
  You can restrict the use of the mmapfs and the related hybridfs store type via the setting node.store.allow_mmap. This is a boolean setting indicating whether or not memory-mapping is allowed. The default is to allow it. This setting is useful, for example, if you are in an environment where you can not control the ability to create a lot of memory maps so you need disable the ability to use memory-mapping.

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

PUT /_settings

curl \
 --request PUT 'http://api.example.com/_settings' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"index\" : {\n    \"number_of_replicas\" : 2\n  }\n}"'

Request examples

{
  "index" : {
    "number_of_replicas" : 2
  }
}

To revert a setting to the default value, use `null`.

{
  "index" : {
    "refresh_interval" : null
  }
}

To add an analyzer, you must close the index, define the analyzer, then reopen the index.

{
  "analysis" : {
    "analyzer":{
      "content":{
        "type":"custom",
        "tokenizer":"whitespace"
      }
    }
  }
}

POST /my-index-000001/_open

Reload search analyzers Added in 7.3.0

GET /{index}/_reload_search_analyzers

Api key auth Basic auth Bearer auth

Reload an index's search analyzers and their resources. For data streams, the API reloads search analyzers and resources for the stream's backing indices.

IMPORTANT: After reloading the search analyzers you should clear the request cache to make sure it doesn't contain responses derived from the previous versions of the analyzer.

You can use the reload search analyzers API to pick up changes to synonym files used in the synonym_graph or synonym token filter of a search analyzer. To be eligible, the token filter must have an updateable flag of true and only be used in search analyzers.

NOTE: This API does not perform a reload for each shard of an index. Instead, it performs a reload for each node containing index shards. As a result, the total shard count returned by the API can differ from the number of index shards. Because reloading affects every node with an index shard, it is important to update the synonym file on every data node in the cluster--including nodes that don't contain a shard replica--before using this API. This ensures the synonym file is updated everywhere in the cluster in case shards are relocated in the future.

External documentation

Path parameters

index string | array[string] Required

A comma-separated list of index names to reload analyzers for

Query parameters

allow_no_indices boolean

Whether to ignore if a wildcard indices expression resolves into no concrete indices. (This includes _all string or when no indices have been specified)
expand_wildcards string | array[string]
Whether to expand wildcard expression to concrete indices that are open, closed or both.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
ignore_unavailable boolean

Whether specified concrete indices should be ignored when unavailable (missing or closed)
resource string

Changed resource to reload analyzers from if applicable

Responses

200 application/json
Hide response attributes Show response attributes object
- reload_details array[object] Required
  
  Hide reload_details attributes Show reload_details attributes object
  
  index string Required
  
  reloaded_analyzers array[string] Required
  
  reloaded_node_ids array[string] Required
- _shards object Required
  
  Hide _shards attributes Show _shards attributes object
  
  failed number Required
  
  successful number Required
  
  total number Required
  
  failures array[object]
  
  Hide failures attributes Show failures attributes object
  
  index string
  
  node string
  
  reason object Required
  
  Hide reason attributes Show reason attributes object
  
  type string Required
  
  The type of error
  
  reason string
  
  A human-readable explanation of the error, in English.
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  root_cause array[object]
  
  suppressed array[object]
  
  shard number Required
  
  status string
  
  skipped number

GET /{index}/_reload_search_analyzers

curl \
 --request GET 'http://api.example.com/{index}/_reload_search_analyzers' \
 --header "Authorization: $API_KEY"

Resolve the cluster Added in 8.13.0

GET /_resolve/cluster/{name}

Api key auth Basic auth Bearer auth

Resolve the specified index expressions to return information about each cluster, including the local "querying" cluster, if included. If no index expression is provided, the API will return information about all the remote clusters that are configured on the querying cluster.

This endpoint is useful before doing a cross-cluster search in order to determine which remote clusters should be included in a search.

You use the same index expression with this endpoint as you would for cross-cluster search. Index and cluster exclusions are also supported with this endpoint.

For each cluster in the index expression, information is returned about:

Whether the querying ("local") cluster is currently connected to each remote cluster specified in the index expression. Note that this endpoint actively attempts to contact the remote clusters, unlike the remote/info endpoint.
Whether each remote cluster is configured with skip_unavailable as true or false.
Whether there are any indices, aliases, or data streams on that cluster that match the index expression.
Whether the search is likely to have errors returned when you do the cross-cluster search (including any authorization errors if you do not have permission to query the index).
Cluster version information, including the Elasticsearch server version.

For example, GET /_resolve/cluster/my-index-*,cluster*:my-index-* returns information about the local cluster and all remotely configured clusters that start with the alias cluster*. Each cluster returns information about whether it has any indices, aliases or data streams that match my-index-*.

Note on backwards compatibility

The ability to query without an index expression was added in version 8.18, so when querying remote clusters older than that, the local cluster will send the index expression dummy* to those remote clusters. Thus, if an errors occur, you may see a reference to that index expression even though you didn't request it. If it causes a problem, you can instead include an index expression like *:* to bypass the issue.

Advantages of using this endpoint before a cross-cluster search

You may want to exclude a cluster or index from a search when:

A remote cluster is not currently connected and is configured with skip_unavailable=false. Running a cross-cluster search under those conditions will cause the entire search to fail.
A cluster has no matching indices, aliases or data streams for the index expression (or your user does not have permissions to search them). For example, suppose your index expression is logs*,remote1:logs* and the remote1 cluster has no indices, aliases or data streams that match logs*. In that case, that cluster will return no results from that cluster if you include it in a cross-cluster search.
The index expression (combined with any query parameters you specify) will likely cause an exception to be thrown when you do the search. In these cases, the "error" field in the _resolve/cluster response will be present. (This is also where security/permission errors will be shown.)
A remote cluster is an older version that does not support the feature you want to use in your search.

Test availability of remote clusters

The remote/info endpoint is commonly used to test whether the "local" cluster (the cluster being queried) is connected to its remote clusters, but it does not necessarily reflect whether the remote cluster is available or not. The remote cluster may be available, while the local cluster is not currently connected to it.

You can use the _resolve/cluster API to attempt to reconnect to remote clusters. For example with GET _resolve/cluster or GET _resolve/cluster/*:*. The connected field in the response will indicate whether it was successful. If a connection was (re-)established, this will also cause the remote/info endpoint to now indicate a connected status.

Path parameters

name string | array[string] Required

A comma-separated list of names or index patterns for the indices, aliases, and data streams to resolve. Resources on remote clusters can be specified using the <cluster>:<name> syntax. Index and cluster exclusions (e.g., -cluster1:*) are also supported. If no index expression is specified, information about all remote clusters configured on the local cluster is returned without doing any index matching

Query parameters

allow_no_indices boolean

If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar. NOTE: This option is only supported when specifying an index expression. You will get an error if you specify index options to the _resolve/cluster API endpoint that takes no index expression.
expand_wildcards string | array[string]
Type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values, such as open,hidden. Valid values are: all, open, closed, hidden, none. NOTE: This option is only supported when specifying an index expression. You will get an error if you specify index options to the _resolve/cluster API endpoint that takes no index expression.

Supported values include:
- all: Match any data stream or index, including hidden ones.
- open: Match open, non-hidden indices. Also matches any non-hidden data stream.
- closed: Match closed, non-hidden indices. Also matches any non-hidden data stream. Data streams cannot be closed.
- hidden: Match hidden data streams and hidden indices. Must be combined with open, closed, or both.
- none: Wildcard expressions are not accepted.
ignore_throttled boolean Deprecated

If true, concrete, expanded, or aliased indices are ignored when frozen. NOTE: This option is only supported when specifying an index expression. You will get an error if you specify index options to the _resolve/cluster API endpoint that takes no index expression.
ignore_unavailable boolean

If false, the request returns an error if it targets a missing or closed index. NOTE: This option is only supported when specifying an index expression. You will get an error if you specify index options to the _resolve/cluster API endpoint that takes no index expression.
timeout string

The maximum time to wait for remote clusters to respond. If a remote cluster does not respond within this timeout period, the API response will show the cluster as not connected and include an error message that the request timed out.

The default timeout is unset and the query can take as long as the networking layer is configured to wait for remote clusters that are not responding (typically 30 seconds).

Responses

200 application/json
Hide response attribute Show response attribute object
- * object Additional properties
  
  Hide * attributes Show * attributes object
  
  connected boolean Required
  
  Whether the remote cluster is connected to the local (querying) cluster.
  
  skip_unavailable boolean Required
  
  The skip_unavailable setting for a remote cluster.
  
  matching_indices boolean
  
  Whether the index expression provided in the request matches any indices, aliases or data streams on the cluster.
  
  error string
  
  Provides error messages that are likely to occur if you do a search with this index expression on the specified cluster (for example, lack of security privileges to query an index).
  
  version object
  
  Hide version attributes Show version attributes object
  
  build_flavor string Required
  
  minimum_index_compatibility_version string Required
  
  minimum_wire_compatibility_version string Required
  
  number string Required

GET /_resolve/cluster/{name}

curl \
 --request GET 'http://api.example.com/_resolve/cluster/{name}' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET /_resolve/cluster/my-index*,clust*:my-index*`. Each cluster has its own response section. The cluster you sent the request to is labelled as "(local)".

{
  "(local)": {
    "connected": true,
    "skip_unavailable": false,
    "matching_indices": true,
    "version": {
      "number": "8.13.0",
      "build_flavor": "default",
      "minimum_wire_compatibility_version": "7.17.0",
      "minimum_index_compatibility_version": "7.0.0"
    }
  },
  "cluster_one": {
    "connected": true,
    "skip_unavailable": true,
    "matching_indices": true,
    "version": {
      "number": "8.13.0",
      "build_flavor": "default",
      "minimum_wire_compatibility_version": "7.17.0",
      "minimum_index_compatibility_version": "7.0.0"
    }
  },
  "cluster_two": {
    "connected": true,
    "skip_unavailable": false,
    "matching_indices": true,
    "version": {
      "number": "8.13.0",
      "build_flavor": "default",
      "minimum_wire_compatibility_version": "7.17.0",
      "minimum_index_compatibility_version": "7.0.0"
    }
  }
}

A successful response from `GET /_resolve/cluster/not-present,clust*:my-index*,oldcluster:*?ignore_unavailable=false&timeout=5s`. This type of request can be used to identify potential problems with your cross-cluster search. Note also that a `timeout` of 5 seconds is sent, which sets the maximum time the query will wait for remote clusters to respond. The local cluster has no index called `not_present`. Searching with `ignore_unavailable=false` would return a "no such index" error. The `cluster_one` remote cluster has no indices that match the pattern `my-index*`. There may be no indices that match the pattern or the index could be closed. The `cluster_two` remote cluster is not connected (the attempt to connect failed). Since this cluster is marked as `skip_unavailable=false`, you should probably exclude this cluster from the search by adding `-cluster_two:*` to the search index expression. For `cluster_three`, the error message indicates that this remote cluster did not respond within the 5-second timeout window specified, so it is also marked as not connected. The `oldcluster` remote cluster shows that it has matching indices, but no version information is included. This indicates that the cluster version predates the introduction of the `_resolve/cluster` API, so you may want to exclude it from your cross-cluster search.

{
  "(local)": {
    "connected": true,
    "skip_unavailable": false,
    "error": "no such index [not_present]"
  },
  "cluster_one": {
    "connected": true,
    "skip_unavailable": true,
    "matching_indices": false,
    "version": {
      "number": "8.13.0",
      "build_flavor": "default",
      "minimum_wire_compatibility_version": "7.17.0",
      "minimum_index_compatibility_version": "7.0.0"
    }
  },
  "cluster_two": {
    "connected": false,
    "skip_unavailable": false
  },
  "cluster_three": {
    "connected": false,
    "skip_unavailable": false,
    "error": "Request timed out before receiving a response from the remote cluster"
  },
  "oldcluster": {
    "connected": true,
    "skip_unavailable": false,
    "matching_indices": true
  }
}

Shrink an index Added in 5.0.0

POST /{index}/_shrink/{target}

Api key auth Basic auth Bearer auth

Shrink an index into a new index with fewer primary shards.

Before you can shrink an index:

The index must be read-only.
A copy of every shard in the index must reside on the same node.
The index must have a green health status.

To make shard allocation easier, we recommend you also remove the index's replica shards. You can later re-add replica shards as part of the shrink operation.

The requested number of primary shards in the target index must be a factor of the number of shards in the source index. For example an index with 8 primary shards can be shrunk into 4, 2 or 1 primary shards or an index with 15 primary shards can be shrunk into 5, 3 or 1. If the number of shards in the index is a prime number it can only be shrunk into a single primary shard Before shrinking, a (primary or replica) copy of every shard in the index must be present on the same node.

The current write index on a data stream cannot be shrunk. In order to shrink the current write index, the data stream must first be rolled over so that a new write index is created and then the previous write index can be shrunk.

A shrink operation:

Creates a new target index with the same definition as the source index, but with a smaller number of primary shards.
Hard-links segments from the source index into the target index. If the file system does not support hard-linking, then all segments are copied into the new index, which is a much more time consuming process. Also if using multiple data paths, shards on different data paths require a full copy of segment files if they are not on the same disk since hardlinks do not work across disks.
Recovers the target index as though it were a closed index which had just been re-opened. Recovers shards to the .routing.allocation.initial_recovery._id index setting.

IMPORTANT: Indices can only be shrunk if they satisfy the following requirements:

The target index must not exist.
The source index must have more primary shards than the target index.
The number of primary shards in the target index must be a factor of the number of primary shards in the source index. The source index must have more primary shards than the target index.
The index must not contain more than 2,147,483,519 documents in total across all shards that will be shrunk into a single shard on the target index as this is the maximum number of docs that can fit into a single shard.
The node handling the shrink process must have sufficient free disk space to accommodate a second copy of the existing index.

Path parameters

index string Required

Name of the source index to shrink.
target string Required

Name of the target index to create.

Query parameters

master_timeout string

Period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.
timeout string

Period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.
wait_for_active_shards number | string

The number of shard copies that must be active before proceeding with the operation. Set to all or any positive integer up to the total number of shards in the index (number_of_replicas+1).

application/json

Body

aliases object

The key is the alias name. Index alias names support date math.
Hide aliases attribute Show aliases attribute object
- * object Additional properties
  Hide * attributes Show * attributes object
  
  filter object
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  index_routing string
  
  is_hidden boolean
  
  If true, the alias is hidden. All indices for the alias must have the same is_hidden value.
  
  is_write_index boolean
  
  If true, the index is the write index for the alias.
  
  routing string
  
  search_routing string
settings object

Configuration options for the target index.
Hide settings attribute Show settings attribute object
- * object Additional properties

Responses

200 application/json
Hide response attributes Show response attributes object
- acknowledged boolean Required
- shards_acknowledged boolean Required
- index string Required

POST /{index}/_shrink/{target}

curl \
 --request POST 'http://api.example.com/{index}/_shrink/{target}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"settings\": {\n    \"index.routing.allocation.require._name\": null,\n    \"index.blocks.write\": null\n  }\n}"'

Request example

{
  "settings": {
    "index.routing.allocation.require._name": null,
    "index.blocks.write": null
  }
}

Perform inference on the service Added in 8.11.0

POST /_inference/{inference_id}

Api key auth Basic auth Bearer auth

This API enables you to use machine learning models to perform specific tasks on data that you provide as an input. It returns a response with the results of the tasks. The inference endpoint you use can perform one specific task that has been defined when the endpoint was created with the create inference API.

For details about using this API with a service, such as Amazon Bedrock, Anthropic, or HuggingFace, refer to the service-specific documentation.

The inference APIs enable you to use certain services, such as built-in machine learning models (ELSER, E5), models uploaded through Eland, Cohere, OpenAI, Azure, Google AI Studio, Google Vertex AI, Anthropic, Watsonx.ai, or Hugging Face. For built-in models and models uploaded through Eland, the inference APIs offer an alternative way to use and manage trained models. However, if you do not plan to use the inference APIs to use these models or if you want to use non-NLP models, use the machine learning trained model APIs.

Path parameters

inference_id string Required

The unique identifier for the inference endpoint.

Query parameters

timeout string

The amount of time to wait for the inference request to complete.

application/json

Body

query string

The query input, which is required only for the rerank task. It is not required for other tasks.
input string | array[string] Required

The text on which you want to perform the inference task. It can be a single string or an array.

Inference endpoints for the completion task type currently only support a single string as input.

One of:
string-1 string array-2 array[string]
task_settings object

Responses

200 application/json
Hide response attributes Show response attributes object
- text_embedding_bytes array[object]
  
  Hide text_embedding_bytes attribute Show text_embedding_bytes attribute object
  
  embedding array[number] Required
  
  Text Embedding results containing bytes are represented as Dense Vectors of bytes.
- text_embedding_bits array[object]
  
  Hide text_embedding_bits attribute Show text_embedding_bits attribute object
  
  embedding array[number] Required
  
  Text Embedding results containing bytes are represented as Dense Vectors of bytes.
- text_embedding array[object]
  
  Hide text_embedding attribute Show text_embedding attribute object
  
  embedding array[number] Required
  
  Text Embedding results are represented as Dense Vectors of floats.
- sparse_embedding array[object]
  
  Hide sparse_embedding attribute Show sparse_embedding attribute object
  
  embedding object Required
  
  Sparse Embedding tokens are represented as a dictionary of string to double.
  
  Hide embedding attribute Show embedding attribute object
  
  * number Additional properties
- completion array[object]
  
  Hide completion attribute Show completion attribute object
  
  result string Required
- rerank array[object]
  
  Hide rerank attributes Show rerank attributes object
  
  index number Required
  
  relevance_score number Required
  
  text string

POST /_inference/{inference_id}

curl \
 --request POST 'http://api.example.com/_inference/{inference_id}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"query":"string","input":"string","task_settings":{}}'

Create an Azure OpenAI inference endpoint Added in 8.14.0

PUT /_inference/{task_type}/{azureopenai_inference_id}

Api key auth Basic auth Bearer auth

Create an inference endpoint to perform an inference task with the azureopenai service.

The list of chat completion models that you can choose from in your Azure OpenAI deployment include:

The list of embeddings models that you can choose from in your deployment can be found in the Azure models documentation.

Path parameters

task_type string Required

The type of the inference task that the model will perform. NOTE: The chat_completion task type only supports streaming and only through the _stream API.

Values are completion or text_embedding.
azureopenai_inference_id string Required

The unique identifier of the inference endpoint.

application/json

Body

chunking_settings object
Hide chunking_settings attributes Show chunking_settings attributes object
- max_chunk_size number
  
  The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).
- overlap number
  
  The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.
- sentence_overlap number
  
  The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.
- strategy string
  
  The chunking strategy: sentence or word.
service string Required

Value is azureopenai.
service_settings object Required
Hide service_settings attributes Show service_settings attributes object
- api_key string
  
  A valid API key for your Azure OpenAI account. You must specify either api_key or entra_id. If you do not provide either or you provide both, you will receive an error when you try to create your model.
  
  IMPORTANT: You need to provide the API key only once, during the inference model creation. The get inference endpoint API does not retrieve your API key. After creating the inference model, you cannot change the associated API key. If you want to use a different API key, delete the inference model and recreate it with the same name and the updated API key.
  
  External documentation
- api_version string Required
  
  The Azure API version ID to use. It is recommended to use the latest supported non-preview version.
- deployment_id string Required
  
  The deployment name of your deployed models. Your Azure OpenAI deployments can be found though the Azure OpenAI Studio portal that is linked to your subscription.
  
  External documentation
- entra_id string
  
  A valid Microsoft Entra token. You must specify either api_key or entra_id. If you do not provide either or you provide both, you will receive an error when you try to create your model.
  
  External documentation
- rate_limit object
  Hide rate_limit attribute Show rate_limit attribute object
  
  requests_per_minute number
  
  The number of requests allowed per minute.
- resource_name string Required
  
  The name of your Azure OpenAI resource. You can find this from the list of resources in the Azure Portal for your subscription.
  
  External documentation
task_settings object
Hide task_settings attribute Show task_settings attribute object
- user string
  
  For a completion or text_embedding task, specify the user issuing the request. This information can be used for abuse detection.

Responses

200 application/json
Hide response attributes Show response attributes object
- chunking_settings object
  
  Hide chunking_settings attributes Show chunking_settings attributes object
  
  max_chunk_size number
  
  The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).
  
  overlap number
  
  The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.
  
  sentence_overlap number
  
  The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.
  
  strategy string
  
  The chunking strategy: sentence or word.
- service string Required
  
  The service type
- service_settings object Required
- task_settings object
- inference_id string Required
  
  The inference Id
- task_type string Required
  
  Values are sparse_embedding, text_embedding, rerank, completion, or chat_completion.

PUT /_inference/{task_type}/{azureopenai_inference_id}

curl \
 --request PUT 'http://api.example.com/_inference/{task_type}/{azureopenai_inference_id}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n    \"service\": \"azureopenai\",\n    \"service_settings\": {\n        \"api_key\": \"Api-Key\",\n        \"resource_name\": \"Resource-name\",\n        \"deployment_id\": \"Deployment-id\",\n        \"api_version\": \"2024-02-01\"\n    }\n}"'

Request examples

Run `PUT _inference/text_embedding/azure_openai_embeddings` to create an inference endpoint that performs a `text_embedding` task. You do not specify a model, as it is defined already in the Azure OpenAI deployment.

{
    "service": "azureopenai",
    "service_settings": {
        "api_key": "Api-Key",
        "resource_name": "Resource-name",
        "deployment_id": "Deployment-id",
        "api_version": "2024-02-01"
    }
}

Run `PUT _inference/completion/azure_openai_completion` to create an inference endpoint that performs a `completion` task.

{
    "service": "azureopenai",
    "service_settings": {
        "api_key": "Api-Key",
        "resource_name": "Resource-name",
        "deployment_id": "Deployment-id",
        "api_version": "2024-02-01"
    }
}

Create an Google AI Studio inference endpoint Added in 8.15.0

PUT /_inference/{task_type}/{googleaistudio_inference_id}

Api key auth Basic auth Bearer auth

Create an inference endpoint to perform an inference task with the googleaistudio service.

Path parameters

task_type string Required

The type of the inference task that the model will perform.

Values are completion or text_embedding.
googleaistudio_inference_id string Required

The unique identifier of the inference endpoint.

application/json

Body

chunking_settings object
Hide chunking_settings attributes Show chunking_settings attributes object
- max_chunk_size number
  
  The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).
- overlap number
  
  The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.
- sentence_overlap number
  
  The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.
- strategy string
  
  The chunking strategy: sentence or word.
service string Required

Value is googleaistudio.
service_settings object Required
Hide service_settings attributes Show service_settings attributes object
- api_key string Required
  
  A valid API key of your Google Gemini account.
- model_id string Required
  
  The name of the model to use for the inference task. Refer to the Google documentation for the list of supported models.
  
  External documentation
- rate_limit object
  Hide rate_limit attribute Show rate_limit attribute object
  
  requests_per_minute number
  
  The number of requests allowed per minute.

Responses

200 application/json
Hide response attributes Show response attributes object
- chunking_settings object
  
  Hide chunking_settings attributes Show chunking_settings attributes object
  
  max_chunk_size number
  
  The maximum size of a chunk in words. This value cannot be higher than 300 or lower than 20 (for sentence strategy) or 10 (for word strategy).
  
  overlap number
  
  The number of overlapping words for chunks. It is applicable only to a word chunking strategy. This value cannot be higher than half the max_chunk_size value.
  
  sentence_overlap number
  
  The number of overlapping sentences for chunks. It is applicable only for a sentence chunking strategy. It can be either 1 or 0.
  
  strategy string
  
  The chunking strategy: sentence or word.
- service string Required
  
  The service type
- service_settings object Required
- task_settings object
- inference_id string Required
  
  The inference Id
- task_type string Required
  
  Values are sparse_embedding, text_embedding, rerank, completion, or chat_completion.

PUT /_inference/{task_type}/{googleaistudio_inference_id}

curl \
 --request PUT 'http://api.example.com/_inference/{task_type}/{googleaistudio_inference_id}' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n    \"service\": \"googleaistudio\",\n    \"service_settings\": {\n        \"api_key\": \"api-key\",\n        \"model_id\": \"model-id\"\n    }\n}"'

Request example

Run `PUT _inference/completion/google_ai_studio_completion` to create an inference endpoint to perform a `completion` task type.

{
    "service": "googleaistudio",
    "service_settings": {
        "api_key": "api-key",
        "model_id": "model-id"
    }
}

Update the license

POST /_license

Api key auth Basic auth Bearer auth

You can update your license at runtime without shutting down your nodes. License updates take effect immediately. If the license you are installing does not support all of the features that were available with your previous license, however, you are notified in the response. You must then re-submit the API request with the acknowledge parameter set to true.

NOTE: If Elasticsearch security features are enabled and you are installing a gold or higher license, you must enable TLS on the transport networking layer before you install the license. If the operator privileges feature is enabled, only operator users can use this API.

Query parameters

acknowledge boolean

Specifies whether you acknowledge the license changes.
master_timeout string

The period to wait for a connection to the master node.
timeout string

The period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

application/json

Body

license object
Hide license attributes Show license attributes object
- expiry_date_in_millis number
  
  Time unit for milliseconds
- issue_date_in_millis number
  
  Time unit for milliseconds
- start_date_in_millis number
  
  Time unit for milliseconds
- issued_to string Required
- issuer string Required
- max_nodes number | string | null
  
  One of:
  number-1 number string-2 string | null
- max_resource_units number
- signature string Required
- type string Required
  
  Values are missing, trial, basic, standard, dev, silver, gold, platinum, or enterprise.
- uid string Required
licenses array[object]

A sequence of one or more JSON documents containing the license information.
Hide licenses attributes Show licenses attributes object
- expiry_date_in_millis number
  
  Time unit for milliseconds
- issue_date_in_millis number
  
  Time unit for milliseconds
- start_date_in_millis number
  
  Time unit for milliseconds
- issued_to string Required
- issuer string Required
- max_nodes number | string | null
  
  One of:
  number-1 number string-2 string | null
- max_resource_units number
- signature string Required
- type string Required
  
  Values are missing, trial, basic, standard, dev, silver, gold, platinum, or enterprise.
- uid string Required

Responses

200 application/json
Hide response attributes Show response attributes object
- acknowledge object
  
  Hide acknowledge attributes Show acknowledge attributes object
  
  license array[string] Required
  
  message string Required
- acknowledged boolean Required
- license_status string Required
  
  Values are active, valid, invalid, or expired.

POST /_license

curl \
 --request POST 'http://api.example.com/_license' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"licenses\": [\n    {\n      \"uid\":\"893361dc-9749-4997-93cb-802e3d7fa4xx\",\n      \"type\":\"basic\",\n      \"issue_date_in_millis\":1411948800000,\n      \"expiry_date_in_millis\":1914278399999,\n      \"max_nodes\":1,\n      \"issued_to\":\"issuedTo\",\n      \"issuer\":\"issuer\",\n      \"signature\":\"xx\"\n    }\n    ]\n}"'

Request example

Run `PUT _license` to update to a basic license. NOTE: These values are invalid; you must substitute the appropriate contents from your license file.

{
  "licenses": [
    {
      "uid":"893361dc-9749-4997-93cb-802e3d7fa4xx",
      "type":"basic",
      "issue_date_in_millis":1411948800000,
      "expiry_date_in_millis":1914278399999,
      "max_nodes":1,
      "issued_to":"issuedTo",
      "issuer":"issuer",
      "signature":"xx"
    }
    ]
}

Response examples (200)

If you update to a basic license and you previously had a license with more features, you receive this type of response. You must re-submit the API request and set the `acknowledge` parameter to `true`.

{
  "acknowledged": false,
  "license_status": "valid",
  "acknowledge": {
    "message": "\"\"\"This license update requires acknowledgement. To acknowledge the license, please read the following messages and update the license again, this time with the \"acknowledge=true\" parameter:\"\"\"",
    "watcher": [
      "Watcher will be disabled"
    ],
    "logstash": [
      "Logstash will no longer poll for centrally-managed pipelines"
    ],
    "security": [
      "The following X-Pack security functionality will be disabled ..."
    ]
  }
}

Get the basic license status Added in 6.3.0

GET /_license/basic_status

Api key auth Basic auth Bearer auth

Responses

200 application/json
Hide response attribute Show response attribute object
- eligible_to_start_basic boolean Required

GET /_license/basic_status

curl \
 --request GET 'http://api.example.com/_license/basic_status' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response from `GET /_license/basic_status`.

{
  "eligible_to_start_basic": true
}

Close anomaly detection jobs Added in 5.4.0

POST /_ml/anomaly_detectors/{job_id}/_close

Api key auth Basic auth Bearer auth

A job can be opened and closed multiple times throughout its lifecycle. A closed job cannot receive data or perform analysis operations, but you can still explore and navigate results. When you close a job, it runs housekeeping tasks such as pruning the model history, flushing buffers, calculating final results and persisting the model snapshots. Depending upon the size of the job, it could take several minutes to close and the equivalent time to re-open. After it is closed, the job has a minimal overhead on the cluster except for maintaining its meta data. Therefore it is a best practice to close jobs that are no longer required to process data. If you close an anomaly detection job whose datafeed is running, the request first tries to stop the datafeed. This behavior is equivalent to calling stop datafeed API with the same timeout and force parameters as the close job request. When a datafeed that has a specified end date stops, it automatically closes its associated job.

Path parameters

job_id string Required

Identifier for the anomaly detection job. It can be a job identifier, a group name, or a wildcard expression. You can close multiple anomaly detection jobs in a single API request by using a group name, a comma-separated list of jobs, or a wildcard expression. You can close all jobs by using _all or by specifying * as the job identifier.

Query parameters

allow_no_match boolean

Specifies what to do when the request: contains wildcard expressions and there are no jobs that match; contains the _all string or no identifiers and there are no matches; or contains wildcard expressions and there are only partial matches. By default, it returns an empty jobs array when there are no matches and the subset of results when there are partial matches. If false, the request returns a 404 status code when there are no matches or only partial matches.
force boolean

Use to close a failed job, or to forcefully close a job which has not responded to its initial close request; the request returns without performing the associated actions such as flushing buffers and persisting the model snapshots. If you want the job to be in a consistent state after the close job API returns, do not set to true. This parameter should be used only in situations where the job has already failed or where you are not interested in results the job might have recently produced or might produce in the future.
timeout string

Controls the time to wait until a job has closed.

application/json

Body

allow_no_match boolean

Refer to the description for the allow_no_match query parameter.
force boolean

Refer to the descriptiion for the force query parameter.
timeout string

A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

Responses

200 application/json
Hide response attribute Show response attribute object
- closed boolean Required

POST /_ml/anomaly_detectors/{job_id}/_close

curl \
 --request POST 'http://api.example.com/_ml/anomaly_detectors/{job_id}/_close' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"allow_no_match":true,"force":true,"timeout":"string"}'

Response examples (200)

A successful response when closing anomaly detection jobs.

{
  "closed": true
}

Delete expired ML data Added in 5.4.0

DELETE /_ml/_delete_expired_data

Api key auth Basic auth Bearer auth

Delete all job results, model snapshots and forecast data that have exceeded their retention days period. Machine learning state documents that are not associated with any job are also deleted. You can limit the request to a single or set of anomaly detection jobs by using a job identifier, a group name, a comma-separated list of jobs, or a wildcard expression. You can delete expired data for all anomaly detection jobs by using _all, by specifying * as the <job_id>, or by omitting the <job_id>.

Query parameters

requests_per_second number

The desired requests per second for the deletion processes. The default behavior is no throttling.
timeout string

How long can the underlying delete processes run until they are canceled.

application/json

Body

requests_per_second number

The desired requests per second for the deletion processes. The default behavior is no throttling.
timeout string

A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

Responses

200 application/json
Hide response attribute Show response attribute object
- deleted boolean Required

DELETE /_ml/_delete_expired_data

curl \
 --request DELETE 'http://api.example.com/_ml/_delete_expired_data' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"requests_per_second":42.0,"timeout":"string"}'

Response examples (200)

A successful response when deleting expired and unused anomaly detection data.

{
  "deleted": true
}

Delete forecasts from a job Added in 6.5.0

DELETE /_ml/anomaly_detectors/{job_id}/_forecast/{forecast_id}

Api key auth Basic auth Bearer auth

By default, forecasts are retained for 14 days. You can specify a different retention period with the expires_in parameter in the forecast jobs API. The delete forecast API enables you to delete one or more forecasts before they expire.

Path parameters

job_id string Required

Identifier for the anomaly detection job.
forecast_id string Required

A comma-separated list of forecast identifiers. If you do not specify this optional parameter or if you specify _all or * the API deletes all forecasts from the job.

Query parameters

allow_no_forecasts boolean

Specifies whether an error occurs when there are no forecasts. In particular, if this parameter is set to false and there are no forecasts associated with the job, attempts to delete all forecasts return an error.
timeout string

Specifies the period of time to wait for the completion of the delete operation. When this period of time elapses, the API fails and returns an error.

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

DELETE /_ml/anomaly_detectors/{job_id}/_forecast/{forecast_id}

curl \
 --request DELETE 'http://api.example.com/_ml/anomaly_detectors/{job_id}/_forecast/{forecast_id}' \
 --header "Authorization: $API_KEY"

Response examples (200)

A successful response when deleting a forecast from an anomaly detection job.

{
  "acknowledged": true
}

Get anomaly detection job stats Added in 5.5.0

GET /_ml/anomaly_detectors/_stats

Api key auth Basic auth Bearer auth

Query parameters

allow_no_match boolean
Specifies what to do when the request:
1. Contains wildcard expressions and there are no jobs that match.
2. Contains the _all string or no identifiers and there are no matches.
3. Contains wildcard expressions and there are only partial matches.
If true, the API returns an empty jobs array when there are no matches and the subset of results when there are partial matches. If false, the API returns a 404 status code when there are no matches or only partial matches.

Responses

200 application/json
Hide response attributes Show response attributes object
- count number Required
- jobs array[object] Required
  
  Hide jobs attributes Show jobs attributes object
  
  assignment_explanation string
  
  For open anomaly detection jobs only, contains messages relating to the selection of a node to run the job.
  
  data_counts object Required
  
  Hide data_counts attributes Show data_counts attributes object
  
  bucket_count number Required
  
  earliest_record_timestamp number
  
  empty_bucket_count number Required
  
  input_bytes number Required
  
  input_field_count number Required
  
  input_record_count number Required
  
  invalid_date_count number Required
  
  job_id string Required
  
  last_data_time number
  
  latest_empty_bucket_timestamp number
  
  latest_record_timestamp number
  
  latest_sparse_bucket_timestamp number
  
  latest_bucket_timestamp number
  
  log_time number
  
  missing_field_count number Required
  
  out_of_order_timestamp_count number Required
  
  processed_field_count number Required
  
  processed_record_count number Required
  
  sparse_bucket_count number Required
  
  forecasts_stats object Required
  
  Hide forecasts_stats attributes Show forecasts_stats attributes object
  
  memory_bytes object
  
  Hide memory_bytes attributes Show memory_bytes attributes object
  
  avg number Required
  
  max number Required
  
  min number Required
  
  total number Required
  
  processing_time_ms object
  
  Hide processing_time_ms attributes Show processing_time_ms attributes object
  
  avg number Required
  
  max number Required
  
  min number Required
  
  total number Required
  
  records object
  
  Hide records attributes Show records attributes object
  
  avg number Required
  
  max number Required
  
  min number Required
  
  total number Required
  
  status object
  
  Hide status attribute Show status attribute object
  
  * number Additional properties
  
  total number Required
  
  forecasted_jobs number Required
  
  job_id string Required
  
  Identifier for the anomaly detection job.
  
  model_size_stats object Required
  
  Hide model_size_stats attributes Show model_size_stats attributes object
  
  bucket_allocation_failures_count number Required
  
  job_id string Required
  
  log_time string | number Required
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  memory_status string Required
  
  Values are ok, soft_limit, or hard_limit.
  
  model_bytes number | string Required
  
  One of:
  ByteSize number ByteSize string
  
  model_bytes_exceeded number | string
  
  One of:
  ByteSize number ByteSize string
  
  model_bytes_memory_limit number | string
  
  One of:
  ByteSize number ByteSize string
  
  output_memory_allocator_bytes number | string
  
  One of:
  ByteSize number ByteSize string
  
  peak_model_bytes number | string
  
  One of:
  ByteSize number ByteSize string
  
  assignment_memory_basis string
  
  result_type string Required
  
  total_by_field_count number Required
  
  total_over_field_count number Required
  
  total_partition_field_count number Required
  
  categorization_status string Required
  
  Values are ok or warn.
  
  categorized_doc_count number Required
  
  dead_category_count number Required
  
  failed_category_count number Required
  
  frequent_category_count number Required
  
  rare_category_count number Required
  
  total_category_count number Required
  
  timestamp number
  
  node object
  
  Hide node attributes Show node attributes object
  
  name string Required
  
  ephemeral_id string Required
  
  id string Required
  
  transport_address string Required
  
  attributes object Required
  
  Hide attributes attribute Show attributes attribute object
  
  * string Additional properties
  
  open_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  state string Required
  
  Values are closing, closed, opened, failed, or opening.
  
  timing_stats object Required
  
  Hide timing_stats attributes Show timing_stats attributes object
  
  average_bucket_processing_time_ms number
  
  Time unit for fractional milliseconds
  
  bucket_count number Required
  
  exponential_average_bucket_processing_time_ms number
  
  Time unit for fractional milliseconds
  
  exponential_average_bucket_processing_time_per_hour_ms number
  
  Time unit for fractional milliseconds
  
  job_id string Required
  
  total_bucket_processing_time_ms number
  
  Time unit for fractional milliseconds
  
  maximum_bucket_processing_time_ms number
  
  Time unit for fractional milliseconds
  
  minimum_bucket_processing_time_ms number
  
  Time unit for fractional milliseconds
  
  deleting boolean
  
  Indicates that the process of deleting the job is in progress but not yet completed. It is only reported when true.

GET /_ml/anomaly_detectors/_stats

curl \
 --request GET 'http://api.example.com/_ml/anomaly_detectors/_stats' \
 --header "Authorization: $API_KEY"

Update an anomaly detection job Added in 5.5.0

POST /_ml/anomaly_detectors/{job_id}/_update

Api key auth Basic auth Bearer auth

Updates certain properties of an anomaly detection job.

Path parameters

job_id string Required

Identifier for the job.

application/json

Body Required

allow_lazy_open boolean

Advanced configuration option. Specifies whether this job can open when there is insufficient machine learning node capacity for it to be immediately assigned to a node. If false and a machine learning node with capacity to run the job cannot immediately be found, the open anomaly detection jobs API returns an error. However, this is also subject to the cluster-wide xpack.ml.max_lazy_ml_nodes setting. If this option is set to true, the open anomaly detection jobs API does not return an error and the job waits in the opening state until sufficient machine learning node capacity is available.
analysis_limits object
Hide analysis_limits attribute Show analysis_limits attribute object
- model_memory_limit string Required
  
  Limits can be applied for the resources required to hold the mathematical models in memory. These limits are approximate and can be set per job. They do not control the memory used by other processes, for example the Elasticsearch Java processes.
background_persist_interval string

A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
custom_settings object

Advanced configuration option. Contains custom meta data about the job. For example, it can contain custom URL information as shown in Adding custom URLs to machine learning results.
Hide custom_settings attribute Show custom_settings attribute object
- * object Additional properties
categorization_filters array[string]
description string

A description of the job.
model_plot_config object
Hide model_plot_config attributes Show model_plot_config attributes object
- annotations_enabled boolean
  
  If true, enables calculation and storage of the model change annotations for each entity that is being analyzed.
- enabled boolean
  
  If true, enables calculation and storage of the model bounds for each entity that is being analyzed.
- terms string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
model_prune_window string

A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
daily_model_snapshot_retention_after_days number

Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies a period of time (in days) after which only the first snapshot per day is retained. This period is relative to the timestamp of the most recent snapshot for this job. Valid values range from 0 to model_snapshot_retention_days. For jobs created before version 7.8.0, the default value matches model_snapshot_retention_days.
model_snapshot_retention_days number

Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies the maximum period of time (in days) that snapshots are retained. This period is relative to the timestamp of the most recent snapshot for this job.
renormalization_window_days number

Advanced configuration option. The period over which adjustments to the score are applied, as new data is seen.
results_retention_days number

Advanced configuration option. The period of time (in days) that results are retained. Age is calculated relative to the timestamp of the latest bucket result. If this property has a non-null value, once per day at 00:30 (server time), results that are the specified number of days older than the latest bucket result are deleted from Elasticsearch. The default value is null, which means all results are retained.
groups array[string]

A list of job groups. A job can belong to no groups or many.
detectors array[object]

An array of detector update objects.
Hide detectors attributes Show detectors attributes object
- detector_index number Required
  
  A unique identifier for the detector. This identifier is based on the order of the detectors in the analysis_config, starting at zero.
- description string
  
  A description of the detector.
- custom_rules array[object]
  
  An array of custom rule objects, which enable you to customize the way detectors operate. For example, a rule may dictate to the detector conditions under which results should be skipped. Kibana refers to custom rules as job rules.
  Hide custom_rules attributes Show custom_rules attributes object
  
  actions array[string]
  
  The set of actions to be triggered when the rule applies. If more than one action is specified the effects of all actions are combined.
  
  Supported values include:
  
  skip_result: The result will not be created. Unless you also specify skip_model_update, the model will be updated as usual with the corresponding series value.
  
  skip_model_update: The value for that series will not be used to update the model. Unless you also specify skip_result, the results will be created as usual. This action is suitable when certain values are expected to be consistently anomalous and they affect the model in a way that negatively impacts the rest of the results.
  
  Values are skip_result or skip_model_update.
  
  conditions array[object]
  
  An array of numeric conditions when the rule applies. A rule must either have a non-empty scope or at least one condition. Multiple conditions are combined together with a logical AND.
  
  Hide conditions attributes Show conditions attributes object
  
  applies_to string Required
  
  Values are actual, typical, diff_from_typical, or time.
  
  operator string Required
  
  Values are gt, gte, lt, or lte.
  
  value number Required
  
  The value that is compared against the applies_to field using the operator.
  
  scope object
  
  A scope of series where the rule applies. A rule must either have a non-empty scope or at least one condition. By default, the scope includes all series. Scoping is allowed for any of the fields that are also specified in by_field_name, over_field_name, or partition_field_name.
  
  Hide scope attribute Show scope attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  filter_id string Required
  
  filter_type string
  
  Values are include or exclude.
per_partition_categorization object
Hide per_partition_categorization attributes Show per_partition_categorization attributes object
- enabled boolean
  
  To enable this setting, you must also set the partition_field_name property to the same value in every detector that uses the keyword mlcategory. Otherwise, job creation fails.
- stop_on_warn boolean
  
  This setting can be set to true only if per-partition categorization is enabled. If true, both categorization and subsequent anomaly detection stops for partitions where the categorization status changes to warn. This setting makes it viable to have a job where it is expected that categorization works well for some partitions but not others; you do not pay the cost of bad categorization forever in the partitions where it works badly.

Responses

200 application/json
Hide response attributes Show response attributes object
- allow_lazy_open boolean Required
- analysis_config object Required
  
  Hide analysis_config attributes Show analysis_config attributes object
  
  bucket_span string Required
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  categorization_analyzer string | object
  
  One of:
  CategorizationAnalyzer string CategorizationAnalyzerDefinition object
  
  Hide attributes Show attributes
  
  char_filter array
  
  One or more character filters. In addition to the built-in character filters, other plugins can provide more character filters. If this property is not specified, no character filters are applied prior to categorization. If you are customizing some other aspect of the analyzer and you need to achieve the equivalent of categorization_filters (which are not permitted when some other aspect of the analyzer is customized), add them here as pattern replace character filters.
  
  External documentation
  
  filter array
  
  One or more token filters. In addition to the built-in token filters, other plugins can provide more token filters. If this property is not specified, no token filters are applied prior to categorization.
  
  External documentation
  
  tokenizer object | string
  
  The name or definition of the tokenizer to use after character filters are applied. This property is compulsory if categorization_analyzer is specified as an object. Machine learning provides a tokenizer called ml_standard that tokenizes in a way that has been determined to produce good categorization results on a variety of log file formats for logs in English. If you want to use that tokenizer but change the character or token filters, specify "tokenizer": "ml_standard" in your categorization_analyzer. Additionally, the ml_classic tokenizer is available, which tokenizes in the same way as the non-customizable tokenizer in old versions of the product (before 6.2). ml_classic was the default categorization tokenizer in versions 6.2 to 7.13, so if you need categorization identical to the default for jobs created in these versions, specify "tokenizer": "ml_classic" in your categorization_analyzer.
  
  One of:
  object-1 object string-2 string
  
  Tokenizer reference
  
  categorization_field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  categorization_filters array[string]
  
  If categorization_field_name is specified, you can also define optional filters. This property expects an array of regular expressions. The expressions are used to filter out matching sequences from the categorization field values.
  
  detectors array[object] Required
  
  An array of detector configuration objects. Detector configuration objects specify which data fields a job analyzes. They also specify which analytical functions are used. You can specify multiple detectors for a job.
  
  Hide detectors attributes Show detectors attributes object
  
  by_field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  custom_rules array[object]
  
  An array of custom rule objects, which enable you to customize the way detectors operate. For example, a rule may dictate to the detector conditions under which results should be skipped. Kibana refers to custom rules as job rules.
  
  Hide custom_rules attributes Show custom_rules attributes object
  
  actions array[string]
  
  The set of actions to be triggered when the rule applies. If more than one action is specified the effects of all actions are combined.
  
  Supported values include:
  
  skip_result: The result will not be created. Unless you also specify skip_model_update, the model will be updated as usual with the corresponding series value.
  
  skip_model_update: The value for that series will not be used to update the model. Unless you also specify skip_result, the results will be created as usual. This action is suitable when certain values are expected to be consistently anomalous and they affect the model in a way that negatively impacts the rest of the results.
  
  Values are skip_result or skip_model_update.
  
  conditions array[object]
  
  An array of numeric conditions when the rule applies. A rule must either have a non-empty scope or at least one condition. Multiple conditions are combined together with a logical AND.
  
  scope object
  
  A scope of series where the rule applies. A rule must either have a non-empty scope or at least one condition. By default, the scope includes all series. Scoping is allowed for any of the fields that are also specified in by_field_name, over_field_name, or partition_field_name.
  
  detector_description string
  
  A description of the detector.
  
  detector_index number
  
  A unique identifier for the detector. This identifier is based on the order of the detectors in the analysis_config, starting at zero.
  
  exclude_frequent string
  
  Values are all, none, by, or over.
  
  field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  function string Required
  
  The analysis function that is used. For example, count, rare, mean, min, max, and sum.
  
  over_field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  partition_field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  use_null boolean
  
  Defines whether a new series is used as the null series when there is no value for the by or partition fields.
  
  influencers array[string] Required
  
  A comma separated list of influencer field names. Typically these can be the by, over, or partition fields that are used in the detector configuration. You might also want to use a field name that is not specifically named in a detector, but is available as part of the input data. When you use multiple detectors, the use of influencers is recommended as it aggregates results for each influencer entity.
  
  model_prune_window string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  latency string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  multivariate_by_fields boolean
  
  This functionality is reserved for internal use. It is not supported for use in customer environments and is not subject to the support SLA of official GA features. If set to true, the analysis will automatically find correlations between metrics for a given by field value and report anomalies when those correlations cease to hold.
  
  per_partition_categorization object
  
  Hide per_partition_categorization attributes Show per_partition_categorization attributes object
  
  enabled boolean
  
  To enable this setting, you must also set the partition_field_name property to the same value in every detector that uses the keyword mlcategory. Otherwise, job creation fails.
  
  stop_on_warn boolean
  
  This setting can be set to true only if per-partition categorization is enabled. If true, both categorization and subsequent anomaly detection stops for partitions where the categorization status changes to warn. This setting makes it viable to have a job where it is expected that categorization works well for some partitions but not others; you do not pay the cost of bad categorization forever in the partitions where it works badly.
  
  summary_count_field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
- analysis_limits object Required
  
  Hide analysis_limits attributes Show analysis_limits attributes object
  
  categorization_examples_limit number
  
  The maximum number of examples stored per category in memory and in the results data store. If you increase this value, more examples are available, however it requires that you have more storage available. If you set this value to 0, no examples are stored. NOTE: The categorization_examples_limit applies only to analysis that uses categorization.
  
  model_memory_limit number | string
  
  One of:
  ByteSize number ByteSize string
- background_persist_interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- create_time number
  
  Time unit for milliseconds
- finished_time number
  
  Time unit for milliseconds
- custom_settings object
  
  Hide custom_settings attribute Show custom_settings attribute object
  
  * string Additional properties
- daily_model_snapshot_retention_after_days number Required
- data_description object Required
  
  Hide data_description attributes Show data_description attributes object
  
  format string
  
  Only JSON format is supported at this time.
  
  time_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  time_format string
  
  The time format, which can be epoch, epoch_ms, or a custom pattern. The value epoch refers to UNIX or Epoch time (the number of seconds since 1 Jan 1970). The value epoch_ms indicates that time is measured in milliseconds since the epoch. The epoch and epoch_ms time formats accept either integer or real values. Custom patterns must conform to the Java DateTimeFormatter class. When you use date-time formatting patterns, it is recommended that you provide the full date, time and time zone. For example: yyyy-MM-dd'T'HH:mm:ssX. If the pattern that you specify is not sufficient to produce a complete timestamp, job creation fails.
  
  field_delimiter string
- datafeed_config object
  
  Hide datafeed_config attributes Show datafeed_config attributes object
  
  aggregations object
  
  authorization object
  
  Hide authorization attributes Show authorization attributes object
  
  api_key object
  
  Hide api_key attributes Show api_key attributes object
  
  id string Required
  
  The identifier for the API key.
  
  name string Required
  
  The name of the API key.
  
  roles array[string]
  
  If a user ID was used for the most recent update to the datafeed, its roles at the time of the update are listed in the response.
  
  service_account string
  
  If a service account was used for the most recent update to the datafeed, the account name is listed in the response.
  
  chunking_config object
  
  Hide chunking_config attributes Show chunking_config attributes object
  
  mode string Required
  
  Values are auto, manual, or off.
  
  time_span string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  datafeed_id string Required
  
  frequency string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  indices array[string] Required
  
  indexes array[string]
  
  job_id string Required
  
  max_empty_searches number
  
  query_delay string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  script_fields object
  
  Hide script_fields attribute Show script_fields attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  script object Required
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  ignore_failure boolean
  
  scroll_size number
  
  delayed_data_check_config object Required
  
  Hide delayed_data_check_config attributes Show delayed_data_check_config attributes object
  
  check_window string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  enabled boolean Required
  
  Specifies whether the datafeed periodically checks for delayed data.
  
  runtime_mappings object
  
  Hide runtime_mappings attribute Show runtime_mappings attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  fetch_fields array[object]
  
  For type lookup
  
  Hide fetch_fields attributes Show fetch_fields attributes object
  
  field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  format string
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_index string
  
  script object
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  indices_options object
  
  Hide indices_options attributes Show indices_options attributes object
  
  allow_no_indices boolean
  
  If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
  
  expand_wildcards string | array[string]
  
  ignore_unavailable boolean
  
  If true, missing or closed indices are not included in the response.
  
  ignore_throttled boolean
  
  If true, concrete, expanded or aliased indices are ignored when frozen.
  
  query object Required
  
  The Elasticsearch query domain-specific language (DSL). This value corresponds to the query object in an Elasticsearch search POST body. All the options that are supported by Elasticsearch can be used, as this object is passed verbatim to Elasticsearch. By default, this property has the following value: {"match_all": {"boost": 1}}.
  
  Query DSL
- description string
- groups array[string]
- job_id string Required
- job_type string Required
- job_version string Required
- model_plot_config object
  
  Hide model_plot_config attributes Show model_plot_config attributes object
  
  annotations_enabled boolean
  
  If true, enables calculation and storage of the model change annotations for each entity that is being analyzed.
  
  enabled boolean
  
  If true, enables calculation and storage of the model bounds for each entity that is being analyzed.
  
  terms string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
- model_snapshot_id string
- model_snapshot_retention_days number Required
- renormalization_window_days number
- results_index_name string Required
- results_retention_days number

POST /_ml/anomaly_detectors/{job_id}/_update

curl \
 --request POST 'http://api.example.com/_ml/anomaly_detectors/{job_id}/_update' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"allow_lazy_open":true,"analysis_limits":{"model_memory_limit":"string"},"background_persist_interval":"string","custom_settings":{"additionalProperty1":{},"additionalProperty2":{}},"categorization_filters":["string"],"description":"string","model_plot_config":{"annotations_enabled":true,"enabled":true,"terms":"string"},"model_prune_window":"string","daily_model_snapshot_retention_after_days":42.0,"model_snapshot_retention_days":42.0,"renormalization_window_days":42.0,"results_retention_days":42.0,"groups":["string"],"detectors":[{"detector_index":42.0,"description":"string","custom_rules":[{"actions":["skip_result"],"conditions":[{"applies_to":"actual","operator":"gt","value":42.0}],"scope":{"additionalProperty1":{"filter_id":"string","filter_type":"include"},"additionalProperty2":{"filter_id":"string","filter_type":"include"}}}]}],"per_partition_categorization":{"enabled":true,"stop_on_warn":true}}'

Preview features used by data frame analytics Added in 7.13.0

POST /_ml/data_frame/analytics/{id}/_preview

Api key auth Basic auth Bearer auth

Preview the extracted features used by a data frame analytics config.

Path parameters

id string Required

Identifier for the data frame analytics job.

application/json

Body

config object
Hide config attributes Show config attributes object
- source object Required
  Hide source attributes Show source attributes object
  
  index string | array[string] Required
  
  runtime_mappings object
  
  Hide runtime_mappings attribute Show runtime_mappings attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  fields object
  
  For type composite
  
  Hide fields attribute Show fields attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  fetch_fields array[object]
  
  For type lookup
  
  Hide fetch_fields attributes Show fetch_fields attributes object
  
  field string Required
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  format string
  
  format string
  
  A custom format for date type runtime fields.
  
  input_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  target_index string
  
  script object
  
  Hide script attributes Show script attributes object
  
  source string
  
  The script source.
  
  id string
  
  params object
  
  Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  lang string
  
  Any of:
  ScriptLanguage string ScriptLanguage string
  
  Values are painless, expression, mustache, or java.
  
  options object
  
  Hide options attribute Show options attribute object
  
  * string Additional properties
  
  type string Required
  
  Values are boolean, composite, date, double, geo_point, geo_shape, ip, keyword, long, or lookup.
  
  _source object
  
  Hide _source attributes Show _source attributes object
  
  includes array[string] Required
  
  An array of strings that defines the fields that will be excluded from the analysis. You do not need to add fields with unsupported data types to excludes, these fields are excluded from the analysis automatically.
  
  excludes array[string] Required
  
  An array of strings that defines the fields that will be included in the analysis.
  
  query object
  
  The Elasticsearch query domain-specific language (DSL). This value corresponds to the query object in an Elasticsearch search POST body. All the options that are supported by Elasticsearch can be used, as this object is passed verbatim to Elasticsearch. By default, this property has the following value: {"match_all": {}}.
  
  Query DSL
- analysis object Required
  Hide analysis attributes Show analysis attributes object
  
  classification object
  
  Hide classification attributes Show classification attributes object
  
  alpha number
  
  Advanced configuration option. Machine learning uses loss guided tree growing, which means that the decision trees grow where the regularized loss decreases most quickly. This parameter affects loss calculations by acting as a multiplier of the tree depth. Higher alpha values result in shallower trees and faster training times. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to zero.
  
  dependent_variable string Required
  
  Defines which field of the document is to be predicted. It must match one of the fields in the index being used to train. If this field is missing from a document, then that document will not be used for training, but a prediction with the trained model will be generated for it. It is also known as continuous target variable. For classification analysis, the data type of the field must be numeric (integer, short, long, byte), categorical (ip or keyword), or boolean. There must be no more than 30 different values in this field. For regression analysis, the data type of the field must be numeric.
  
  downsample_factor number
  
  Advanced configuration option. Controls the fraction of data that is used to compute the derivatives of the loss function for tree training. A small value results in the use of a small fraction of the data. If this value is set to be less than 1, accuracy typically improves. However, too small a value may result in poor convergence for the ensemble and so require more trees. By default, this value is calculated during hyperparameter optimization. It must be greater than zero and less than or equal to 1.
  
  early_stopping_enabled boolean
  
  Advanced configuration option. Specifies whether the training process should finish if it is not finding any better performing models. If disabled, the training process can take significantly longer and the chance of finding a better performing model is unremarkable.
  
  eta number
  
  Advanced configuration option. The shrinkage applied to the weights. Smaller values result in larger forests which have a better generalization error. However, larger forests cause slower training. By default, this value is calculated during hyperparameter optimization. It must be a value between 0.001 and 1.
  
  eta_growth_rate_per_tree number
  
  Advanced configuration option. Specifies the rate at which eta increases for each new tree that is added to the forest. For example, a rate of 1.05 increases eta by 5% for each extra tree. By default, this value is calculated during hyperparameter optimization. It must be between 0.5 and 2.
  
  feature_bag_fraction number
  
  Advanced configuration option. Defines the fraction of features that will be used when selecting a random bag for each candidate split. By default, this value is calculated during hyperparameter optimization.
  
  feature_processors array[object]
  
  Advanced configuration option. A collection of feature preprocessors that modify one or more included fields. The analysis uses the resulting one or more features instead of the original document field. However, these features are ephemeral; they are not stored in the destination index. Multiple feature_processors entries can refer to the same document fields. Automatic categorical feature encoding still occurs for the fields that are unprocessed by a custom processor or that have categorical values. Use this property only if you want to override the automatic feature encoding of the specified fields.
  
  Hide feature_processors attributes Show feature_processors attributes object
  
  frequency_encoding object
  
  multi_encoding object
  
  n_gram_encoding object
  
  one_hot_encoding object
  
  target_mean_encoding object
  
  gamma number
  
  Advanced configuration option. Regularization parameter to prevent overfitting on the training data set. Multiplies a linear penalty associated with the size of individual trees in the forest. A high gamma value causes training to prefer small trees. A small gamma value results in larger individual trees and slower training. By default, this value is calculated during hyperparameter optimization. It must be a nonnegative value.
  
  lambda number
  
  Advanced configuration option. Regularization parameter to prevent overfitting on the training data set. Multiplies an L2 regularization term which applies to leaf weights of the individual trees in the forest. A high lambda value causes training to favor small leaf weights. This behavior makes the prediction function smoother at the expense of potentially not being able to capture relevant relationships between the features and the dependent variable. A small lambda value results in large individual trees and slower training. By default, this value is calculated during hyperparameter optimization. It must be a nonnegative value.
  
  max_optimization_rounds_per_hyperparameter number
  
  Advanced configuration option. A multiplier responsible for determining the maximum number of hyperparameter optimization steps in the Bayesian optimization procedure. The maximum number of steps is determined based on the number of undefined hyperparameters times the maximum optimization rounds per hyperparameter. By default, this value is calculated during hyperparameter optimization.
  
  max_trees number
  
  Advanced configuration option. Defines the maximum number of decision trees in the forest. The maximum value is 2000. By default, this value is calculated during hyperparameter optimization.
  
  num_top_feature_importance_values number
  
  Advanced configuration option. Specifies the maximum number of feature importance values per document to return. By default, no feature importance calculation occurs.
  
  prediction_field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  randomize_seed number
  
  Defines the seed for the random generator that is used to pick training data. By default, it is randomly generated. Set it to a specific value to use the same training data each time you start a job (assuming other related parameters such as source and analyzed_fields are the same).
  
  soft_tree_depth_limit number
  
  Advanced configuration option. Machine learning uses loss guided tree growing, which means that the decision trees grow where the regularized loss decreases most quickly. This soft limit combines with the soft_tree_depth_tolerance to penalize trees that exceed the specified depth; the regularized loss increases quickly beyond this depth. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to 0.
  
  soft_tree_depth_tolerance number
  
  Advanced configuration option. This option controls how quickly the regularized loss increases when the tree depth exceeds soft_tree_depth_limit. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to 0.01.
  
  training_percent string | number
  
  One of:
  Percentage string Percentage number
  
  class_assignment_objective string
  
  num_top_classes number
  
  Defines the number of categories for which the predicted probabilities are reported. It must be non-negative or -1. If it is -1 or greater than the total number of categories, probabilities are reported for all categories; if you have a large number of categories, there could be a significant effect on the size of your destination index. NOTE: To use the AUC ROC evaluation method, num_top_classes must be set to -1 or a value greater than or equal to the total number of categories.
  
  outlier_detection object
  
  Hide outlier_detection attributes Show outlier_detection attributes object
  
  compute_feature_influence boolean
  
  Specifies whether the feature influence calculation is enabled.
  
  feature_influence_threshold number
  
  The minimum outlier score that a document needs to have in order to calculate its feature influence score. Value range: 0-1.
  
  method string
  
  The method that outlier detection uses. Available methods are lof, ldof, distance_kth_nn, distance_knn, and ensemble. The default value is ensemble, which means that outlier detection uses an ensemble of different methods and normalises and combines their individual outlier scores to obtain the overall outlier score.
  
  n_neighbors number
  
  Defines the value for how many nearest neighbors each method of outlier detection uses to calculate its outlier score. When the value is not set, different values are used for different ensemble members. This default behavior helps improve the diversity in the ensemble; only override it if you are confident that the value you choose is appropriate for the data set.
  
  outlier_fraction number
  
  The proportion of the data set that is assumed to be outlying prior to outlier detection. For example, 0.05 means it is assumed that 5% of values are real outliers and 95% are inliers.
  
  standardization_enabled boolean
  
  If true, the following operation is performed on the columns before computing outlier scores: (x_i - mean(x_i)) / sd(x_i).
  
  regression object
  
  Hide regression attributes Show regression attributes object
  
  alpha number
  
  Advanced configuration option. Machine learning uses loss guided tree growing, which means that the decision trees grow where the regularized loss decreases most quickly. This parameter affects loss calculations by acting as a multiplier of the tree depth. Higher alpha values result in shallower trees and faster training times. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to zero.
  
  dependent_variable string Required
  
  Defines which field of the document is to be predicted. It must match one of the fields in the index being used to train. If this field is missing from a document, then that document will not be used for training, but a prediction with the trained model will be generated for it. It is also known as continuous target variable. For classification analysis, the data type of the field must be numeric (integer, short, long, byte), categorical (ip or keyword), or boolean. There must be no more than 30 different values in this field. For regression analysis, the data type of the field must be numeric.
  
  downsample_factor number
  
  Advanced configuration option. Controls the fraction of data that is used to compute the derivatives of the loss function for tree training. A small value results in the use of a small fraction of the data. If this value is set to be less than 1, accuracy typically improves. However, too small a value may result in poor convergence for the ensemble and so require more trees. By default, this value is calculated during hyperparameter optimization. It must be greater than zero and less than or equal to 1.
  
  early_stopping_enabled boolean
  
  Advanced configuration option. Specifies whether the training process should finish if it is not finding any better performing models. If disabled, the training process can take significantly longer and the chance of finding a better performing model is unremarkable.
  
  eta number
  
  Advanced configuration option. The shrinkage applied to the weights. Smaller values result in larger forests which have a better generalization error. However, larger forests cause slower training. By default, this value is calculated during hyperparameter optimization. It must be a value between 0.001 and 1.
  
  eta_growth_rate_per_tree number
  
  Advanced configuration option. Specifies the rate at which eta increases for each new tree that is added to the forest. For example, a rate of 1.05 increases eta by 5% for each extra tree. By default, this value is calculated during hyperparameter optimization. It must be between 0.5 and 2.
  
  feature_bag_fraction number
  
  Advanced configuration option. Defines the fraction of features that will be used when selecting a random bag for each candidate split. By default, this value is calculated during hyperparameter optimization.
  
  feature_processors array[object]
  
  Advanced configuration option. A collection of feature preprocessors that modify one or more included fields. The analysis uses the resulting one or more features instead of the original document field. However, these features are ephemeral; they are not stored in the destination index. Multiple feature_processors entries can refer to the same document fields. Automatic categorical feature encoding still occurs for the fields that are unprocessed by a custom processor or that have categorical values. Use this property only if you want to override the automatic feature encoding of the specified fields.
  
  Hide feature_processors attributes Show feature_processors attributes object
  
  frequency_encoding object
  
  multi_encoding object
  
  n_gram_encoding object
  
  one_hot_encoding object
  
  target_mean_encoding object
  
  gamma number
  
  Advanced configuration option. Regularization parameter to prevent overfitting on the training data set. Multiplies a linear penalty associated with the size of individual trees in the forest. A high gamma value causes training to prefer small trees. A small gamma value results in larger individual trees and slower training. By default, this value is calculated during hyperparameter optimization. It must be a nonnegative value.
  
  lambda number
  
  Advanced configuration option. Regularization parameter to prevent overfitting on the training data set. Multiplies an L2 regularization term which applies to leaf weights of the individual trees in the forest. A high lambda value causes training to favor small leaf weights. This behavior makes the prediction function smoother at the expense of potentially not being able to capture relevant relationships between the features and the dependent variable. A small lambda value results in large individual trees and slower training. By default, this value is calculated during hyperparameter optimization. It must be a nonnegative value.
  
  max_optimization_rounds_per_hyperparameter number
  
  Advanced configuration option. A multiplier responsible for determining the maximum number of hyperparameter optimization steps in the Bayesian optimization procedure. The maximum number of steps is determined based on the number of undefined hyperparameters times the maximum optimization rounds per hyperparameter. By default, this value is calculated during hyperparameter optimization.
  
  max_trees number
  
  Advanced configuration option. Defines the maximum number of decision trees in the forest. The maximum value is 2000. By default, this value is calculated during hyperparameter optimization.
  
  num_top_feature_importance_values number
  
  Advanced configuration option. Specifies the maximum number of feature importance values per document to return. By default, no feature importance calculation occurs.
  
  prediction_field_name string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  randomize_seed number
  
  Defines the seed for the random generator that is used to pick training data. By default, it is randomly generated. Set it to a specific value to use the same training data each time you start a job (assuming other related parameters such as source and analyzed_fields are the same).
  
  soft_tree_depth_limit number
  
  Advanced configuration option. Machine learning uses loss guided tree growing, which means that the decision trees grow where the regularized loss decreases most quickly. This soft limit combines with the soft_tree_depth_tolerance to penalize trees that exceed the specified depth; the regularized loss increases quickly beyond this depth. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to 0.
  
  soft_tree_depth_tolerance number
  
  Advanced configuration option. This option controls how quickly the regularized loss increases when the tree depth exceeds soft_tree_depth_limit. By default, this value is calculated during hyperparameter optimization. It must be greater than or equal to 0.01.
  
  training_percent string | number
  
  One of:
  Percentage string Percentage number
  
  loss_function string
  
  The loss function used during regression. Available options are mse (mean squared error), msle (mean squared logarithmic error), huber (Pseudo-Huber loss).
  
  loss_function_parameter number
  
  A positive number that is used as a parameter to the loss_function.
- model_memory_limit string
- max_num_threads number
- analyzed_fields object
  Hide analyzed_fields attributes Show analyzed_fields attributes object
  
  includes array[string] Required
  
  An array of strings that defines the fields that will be excluded from the analysis. You do not need to add fields with unsupported data types to excludes, these fields are excluded from the analysis automatically.
  
  excludes array[string] Required
  
  An array of strings that defines the fields that will be included in the analysis.

Responses

200 application/json
Hide response attribute Show response attribute object
- feature_values array[object] Required
  
  An array of objects that contain feature name and value pairs. The features have been processed and indicate what will be sent to the model for training.
  
  Hide feature_values attribute Show feature_values attribute object
  
  * string Additional properties

POST /_ml/data_frame/analytics/{id}/_preview

curl \
 --request POST 'http://api.example.com/_ml/data_frame/analytics/{id}/_preview' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"config":{"source":{"index":"string","runtime_mappings":{"additionalProperty1":{"fields":{"additionalProperty1":{"type":"boolean"},"additionalProperty2":{"type":"boolean"}},"fetch_fields":[{"field":"string","format":"string"}],"format":"string","input_field":"string","target_field":"string","target_index":"string","script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}},"type":"boolean"},"additionalProperty2":{"fields":{"additionalProperty1":{"type":"boolean"},"additionalProperty2":{"type":"boolean"}},"fetch_fields":[{"field":"string","format":"string"}],"format":"string","input_field":"string","target_field":"string","target_index":"string","script":{"source":"string","id":"string","params":{"additionalProperty1":{},"additionalProperty2":{}},"":"painless","options":{"additionalProperty1":"string","additionalProperty2":"string"}},"type":"boolean"}},"_source":{"includes":["string"],"excludes":["string"]},"query":{}},"analysis":{"classification":{"alpha":42.0,"dependent_variable":"string","downsample_factor":42.0,"early_stopping_enabled":true,"eta":42.0,"eta_growth_rate_per_tree":42.0,"feature_bag_fraction":42.0,"feature_processors":[{"frequency_encoding":{},"multi_encoding":{},"n_gram_encoding":{},"one_hot_encoding":{},"target_mean_encoding":{}}],"gamma":42.0,"lambda":42.0,"max_optimization_rounds_per_hyperparameter":42.0,"max_trees":42.0,"num_top_feature_importance_values":42.0,"prediction_field_name":"string","randomize_seed":42.0,"soft_tree_depth_limit":42.0,"soft_tree_depth_tolerance":42.0,"":"string","class_assignment_objective":"string","num_top_classes":42.0},"outlier_detection":{"compute_feature_influence":true,"feature_influence_threshold":42.0,"method":"string","n_neighbors":42.0,"outlier_fraction":42.0,"standardization_enabled":true},"regression":{"alpha":42.0,"dependent_variable":"string","downsample_factor":42.0,"early_stopping_enabled":true,"eta":42.0,"eta_growth_rate_per_tree":42.0,"feature_bag_fraction":42.0,"feature_processors":[{"frequency_encoding":{},"multi_encoding":{},"n_gram_encoding":{},"one_hot_encoding":{},"target_mean_encoding":{}}],"gamma":42.0,"lambda":42.0,"max_optimization_rounds_per_hyperparameter":42.0,"max_trees":42.0,"num_top_feature_importance_values":42.0,"prediction_field_name":"string","randomize_seed":42.0,"soft_tree_depth_limit":42.0,"soft_tree_depth_tolerance":42.0,"":"string","loss_function":"string","loss_function_parameter":42.0}},"model_memory_limit":"string","max_num_threads":42.0,"analyzed_fields":{"includes":["string"],"excludes":["string"]}}}'

Stop data frame analytics jobs Added in 7.3.0

POST /_ml/data_frame/analytics/{id}/_stop

Api key auth Basic auth Bearer auth

A data frame analytics job can be started and stopped multiple times throughout its lifecycle.

Path parameters

id string Required

Identifier for the data frame analytics job. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters.

Query parameters

allow_no_match boolean
Specifies what to do when the request:
1. Contains wildcard expressions and there are no data frame analytics jobs that match.
2. Contains the _all string or no identifiers and there are no matches.
3. Contains wildcard expressions and there are only partial matches.
The default value is true, which returns an empty data_frame_analytics array when there are no matches and the subset of results when there are partial matches. If this parameter is false, the request returns a 404 status code when there are no matches or only partial matches.
force boolean

If true, the data frame analytics job is stopped forcefully.
timeout string

Controls the amount of time to wait until the data frame analytics job stops. Defaults to 20 seconds.

Responses

200 application/json
Hide response attribute Show response attribute object
- stopped boolean Required

POST /_ml/data_frame/analytics/{id}/_stop

curl \
 --request POST 'http://api.example.com/_ml/data_frame/analytics/{id}/_stop' \
 --header "Authorization: $API_KEY"

Delete an async search Added in 7.7.0

DELETE /_async_search/{id}

Api key auth Basic auth Bearer auth

If the asynchronous search is still running, it is cancelled. Otherwise, the saved search results are deleted. If the Elasticsearch security features are enabled, the deletion of a specific async search is restricted to: the authenticated user that submitted the original search request; users that have the cancel_task cluster privilege.

Path parameters

id string Required

A unique identifier for the async search.

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required
  
  For a successful response, this value is always true. On failure, an exception is returned instead.

DELETE /_async_search/{id}

curl \
 --request DELETE 'http://api.example.com/_async_search/{id}' \
 --header "Authorization: $API_KEY"

disk.total number | string

disk.used number | string

disk.avail number | string

disk.used_percent string | number

heap.percent string | number

ram.percent string | number

file_desc.percent string | number

size number | string

size.memory number | string

Body Required

Get the cluster health status Added in 1.3.0

Get node information Added in 1.3.0

max_content_length number | string

using_compressed_ordinary_object_pointers boolean | string

total_indexing_buffer_in_bytes number | string

Reload the keystore on nodes in the cluster Added in 6.5.0

ip string | array[string]

ip string | array[string]

ip string | array[string]

Get the cluster health Added in 8.7.0

Check in a connector Technical preview

Get a connector sync job Beta

cancelation_requested_at string | number

canceled_at string | number

completed_at string | number

default_value number | string | boolean | null Required

tooltip string | null

created_at string | number

updated_at string | number

created_at string | number Required

last_seen string | number

started_at string | number

Update the connector index name Beta

Body Required

index_name string | null

Get follower information Added in 6.7.0

max_read_request_size number | string

max_write_buffer_size number | string

max_write_request_size number | string

Get data stream stats Added in 7.9.0

store_size number | string

total_store_sizes number | string

Downsample an index Technical preview

Body Required

Get data stream lifecycle stats Added in 8.12.0

Body Required

Throttle a reindex operation Added in 2.4.0

Update documents Added in 2.4.0

lang string

task string | number

Get the async EQL status Added in 7.9.0

Get global checkpoints Added in 7.13.0

Executes several [fleet searches](https://www.elastic.co/guide/en/elasticsearch/reference/current/fleet-search.html) with a single API request Technical preview

Body object Required

_source boolean | object

lang string